Go Back   vb.org Archive > News and Announcements > News and Announcements
Reload this Page vBulletin 3.0.7 released
FAQ Community Calendar Today's Posts Search

Reply
Page 2 of 2 1 2
 
Thread Tools Display Modes
  #11  
Old 02-20-2005, 06:19 PM
sim tech sim tech is offline
 
Join Date: Jan 2005
Location: Georgia
Posts: 140
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Is there going to be a discussion area on which mods will have to be redone if I chose the "upgrade" option over the single file patch? My license with Vbulletin is only a month old, so I can do the full upgrade if I want.

But I have installed - "for members who posted today" hack,
Installed pm.php AND users.php hack - for PMs
Also installed V3Arcade
vbookie installed
ucash and ustore installed

Crud - will I have to redo all of these?? Would it be worth it to upgrade from 3.0.6 to 3.0.7 or is just the patch good enough?
Reply With Quote
  #12  
Old 02-20-2005, 08:03 PM
Erwin's Avatar
Erwin Erwin is offline
 
Join Date: Jan 2002
Posts: 7,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
With only 4-5 hacks, best to upgrade to 3.0.7 which fixes some bugs (albeit minor ones) and reapply the hacks. You will have to do all of them.
Reply With Quote
  #13  
Old 02-20-2005, 08:55 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Remember it's only the file edits you need to re-do, not complete hack re-installs.
Reply With Quote
  #14  
Old 02-20-2005, 09:49 PM
oldfan's Avatar
oldfan oldfan is offline
 
Join Date: Jul 2004
Posts: 813
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I got 27 mods/addons/hacks installed..
I think I may pass this upgrade u..
Reply With Quote
  #15  
Old 02-21-2005, 01:20 AM
Lizard King Lizard King is offline
 
Join Date: Jan 2005
Location: Mersin
Posts: 907
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by oldfan
I got 27 mods/addons/hacks installed..
I think I may pass this upgrade u..
Why dont you use araxis merge or something like that. You can check this thread and upgrade your forum within 30 minutes.
Reply With Quote
  #16  
Old 02-21-2005, 04:56 AM
hendri's Avatar
hendri hendri is offline
 
Join Date: Dec 2004
Location: Jakarta, Indonesia
Posts: 84
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Lizard King
Why dont you use araxis merge or something like that. You can check this thread and upgrade your forum within 30 minutes.
i have upgraded to 3.07 everything seems fine
Reply With Quote
  #17  
Old 02-23-2005, 05:56 AM
Blootix Blootix is offline
 
Join Date: Feb 2005
Posts: 78
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Erwin
With only 4-5 hacks, best to upgrade to 3.0.7 which fixes some bugs (albeit minor ones) and reapply the hacks. You will have to do all of them.
*Sigh* yeah. I had to... Even though I only had about 4 hacks. The AWS hack is extremely loooooong though, so that counts as 2!
Reply With Quote
  #18  
Old 02-23-2005, 08:02 PM
Delphiprogrammi Delphiprogrammi is offline
 
Join Date: Feb 2004
Location: Landen(Belgium)
Posts: 1,335
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
hi,

this is pretty obvious goto your admincp => vbulletin settings => general settings

"add template name in html comments" => no that's all there is to it

for a list of bugs fixed in 3.07 you can go here

offcource if you want the fixes you need the full upgrade ....
Attached Images
File Type: png vb_fix.png (7.9 KB, 0 views)
Reply With Quote
  #19  
Old 02-25-2005, 05:10 AM
SaN-DeeP's Avatar
SaN-DeeP SaN-DeeP is offline
 
Join Date: Jun 2002
Location: Mumbai, India
Posts: 1,195
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Upgraded to 3.0.7 quite easily .
Reply With Quote
  #20  
Old 02-25-2005, 10:48 PM
Revan's Avatar
Revan Revan is offline
 
Join Date: Jan 2004
Location: Norway
Posts: 1,671
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I now know why the "Add Template Name In HTML Comments" are a serious (!) security vulnerability.
With an unpatched board with this feature enabled, a cracker can inject malicious PHP code (yes, ANY PHP code) by the use of a malformed URL.
Of course, I'm not about to state HOW this is done, but let me just say that if *I* could find it (and I wasn't even LOOKING for this info!), then a cracker with a grudge will surely find it.

I hope this helps to make users patch themselves, if some are still in doubt of the severity of this exploit
Reply With Quote
Reply
Page 2 of 2 1 2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 03:16 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04060 seconds
  • Memory Usage 2,268KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (1)postbit_attachment
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • postbit_attachment
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete