Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.7 > vBulletin 3.7 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Cyb - Login To User Account Details »»
Cyb - Login To User Account
Version: 2.3, by Valter Valter is offline
Developer Last Online: Nov 2023 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 3.7.x Rating:
Released: 05-02-2008 Last Update: 04-10-2009 Installs: 553
DB Changes Uses Plugins Auto-Templates
 
No support by the author.

Info:
This will allow forum administrators to simply login to user accounts (to test forum functions, permissions etc...). SuperAdmin can choose admins who are able to use this function. SuperAdmin can set also who can login to other admin accounts. "Login As User" is shown in member profiles and Quick User Links (can be disabled). Option is automatically hidden in your own account and if target user is admin while you have no permissions to login to admin accounts.

See screenshots.


Installation:
1. Import XML file (as product): AdminCP > Plugin System > Manage Products > [Add/Import Product]


Variables:
-Link to login to user in memberinfo: $cyb_ltoua_link_mi
-Logged in as user alert: $cyb_ltoua_alert


To set options:
Go to: AdminCP > vBulletin Options > Cyb - Login To Other User Account


Versions:
v1.0 - May 20. 2006.
-First Release
v1.1 - May 21. 2006.
-Now SuperAdmin can log into other admins
v1.2 - Aug 04. 2006.
-Release of this hack for vB v3.6
v1.5 - Aug 29. 2006.
-Added option to easily go back to admin account
-Alert can be enabled/disabled
-Added "Product Version Checking"
-Only Admins allowed to use function can see "Login As" links
-Several code improvements
v1.6 - Sep 01. 2006.
-Fixed bug (error message at the top of "add new user" page)
-Fixed bug (uncached template)
v1.7 - Sep 05. 2006.
-Now only SuperAdmin can access settings where you choose which Admins can use the hack
-You can also set Admins who will be able to use other Admins accounts (only SuperAdmin can set this)
-Alert moved to navbar so it is now shown on any page to Admin who is logged in as someone else
v1.8 - Apr 23. 2007.
-"Last activity" not changed for target user when admin used account
-"Login As User" automatically hidden in your own account and if target user is admin and you have no permissions to login to admin accounts
-Admin not logged out from ACP when back to original account, except session expired regularly
-Added option to modify alert box CSS
-Many other code improvements and optimizations
-If you have older version of this hack installed please uninstall it before installing latest version or it will not work properly
v1.9.1 - Jul 23. 2007.
-Fixed bug (Security Exploit)
-Fixed bug ("login as user" doesn't work if you access user profile via last post info)
-"Go back" alert moved to header (for must of users there is no need to edit custom styles anymore)
-Now you can go back from banned user accounts without clearing cookies manually
v2.0 - Nov 08. 2007.
-New: Actions logged in Moderator Log
-Fixed bug where admins with primary usergroup different than 6 are not able to use hack
-Several minor bugs fixed
--You MUST uninstall older version before installing this one in order to get it working properly
v2.1 - May 03. 2008.
-Compatible with vBulletin 3.7
-Minor bugs fixed
v2.2 - Jun 23. 2008.
-Added option to disable logs
-Added option to switch to vB 3.6.x compatibility mode
-Fixed bug (session lost for target user when you go back to admin)
-Fixed bug (sessions lost for guests/bots when you login as another user)
-Made several compatibility improvements
v2.3 - Apr 11. 2009.
-Bug fix (non-Admins able to login to user accounts in some cases)
-Bug fix (Admin can not search product entries in ModLog by product ID)
-Bug fix (logging error if username contains special characters)
-Bug fix (Admin must be member of usergroup 6 to use product)
-Minor bugs fixed


Click INSTALL if you like this hack.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #132  
Old 04-09-2009, 03:38 PM
Gsmdenis Gsmdenis is offline
 
Join Date: Jan 2006
Location: Hongkong
Posts: 70
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Confirm the bugs, Hope Cybernetec fix that soon :-)))))
Reply With Quote
  #133  
Old 04-09-2009, 05:05 PM
Golzarion's Avatar
Golzarion Golzarion is offline
 
Join Date: Jan 2008
Posts: 214
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I mention and said the warning on : 14 Jan 2009, 00:48

https://vborg.vbsupport.ru/showpost....7&postcount=12

This plugin has many bugs ! Specially when you use vbseo or some kind of rewrite_mods !!

It seems some how funny ! because an Administrator use this plugin to log in to user account and read private messages and so on .. BUT the Administrator causes to "hijack" his/her own account first ! and make an unwanted dangerous bug in his/her own forums!!
Reply With Quote
  #134  
Old 04-09-2009, 05:30 PM
Phobos49 Phobos49 is offline
 
Join Date: Jan 2009
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I am still wondering why this 3.7 version is not already in the graveyard like the 3.8 version.

This version has the same severe security bug!!!

Send it to the graveyard at once and inform every user of this addon by email to deactivate it like you did this morning with the 3.8 version!

How long are you going to wait? Until many users complain, that their forums have been nuked?!

Come on! It's never been easier than today to get full control over a foreign vB by just modifing your browsers URL!
Reply With Quote
  #135  
Old 04-09-2009, 07:34 PM
jesus likes pie jesus likes pie is offline
 
Join Date: Apr 2005
Posts: 342
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Is this safe without an SEO?
Reply With Quote
  #136  
Old 04-09-2009, 08:01 PM
Phobos49 Phobos49 is offline
 
Join Date: Jan 2009
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by jesus likes pie View Post
Is this safe without an SEO?
NO! It does not matter if you have SEO installed or not. In both cases any account in your forum can be hijacked as long as you don't disable this AddOn.
Reply With Quote
  #137  
Old 04-09-2009, 08:53 PM
jesus likes pie jesus likes pie is offline
 
Join Date: Apr 2005
Posts: 342
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Okay, I think this should fix it.

Try it out and see if you can still exploit it.

note: the attached plugin originates from the 3.8 version which is now in the graveyard, but it should probably work for 3.7 as well

edit: er, apparently vBulletin doesn't prompt you to overwrite plugins which is kinda lame (heh, been a while since I've uploaded plugins rather than products).

You should delete "Cyb - Login To User Account - MI" and then upload my attachment.
Reply With Quote
  #138  
Old 04-14-2009, 10:34 AM
TheCatcher TheCatcher is offline
 
Join Date: Oct 2007
Posts: 55
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thx for Version 2.3 (re-installed) :-)
Reply With Quote
  #139  
Old 04-14-2009, 10:59 AM
NolF's Avatar
NolF NolF is offline
 
Join Date: Nov 2006
Location: You don't wanna know
Posts: 119
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Awesome, thanks for the update
Reply With Quote
  #140  
Old 04-14-2009, 11:11 AM
wfouly's Avatar
wfouly wfouly is offline
 
Join Date: Jan 2008
Posts: 23
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

many thanks
Installed and working well with 3.8.2
Reply With Quote
  #141  
Old 04-14-2009, 01:33 PM
Sixpackmark Sixpackmark is offline
 
Join Date: May 2008
Posts: 13
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks again! Re-installed
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:43 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04592 seconds
  • Memory Usage 2,312KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete