The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
#31
07-03-2007, 10:07 AM
|
||||
|
||||
Quote:
We are all very much aware that the installed number only represents a portion of the actual installs. In a recent vbBux thread, the problem is referred too as a 'security exploit' which is a better way to go. 
|
|
#32
07-03-2007, 12:00 PM
|
||||
|
||||
|
How it should be worded is always debatable, everyone has their own views.
I believe users should be told whether it's XSS or MySQL or whatever - without further details you cannot exploit it anyway.
|
|
#33
07-03-2007, 12:52 PM
|
|||
|
|||
|
with any detail like "sql inject" or "xss exploit", you can exploit any hack because they are not encoded... with a hack with a single sql query, it is easy to learn how the inject can be done...
if instead you contact the coder, that coder make the change in a reasonable delay, and then update his script without noting the exploit, it would be infinate the risk of a hacker trying to reproduce the exploit and profit from it... and btw,as anybody can suggest changes to a hack to the coder, why not providing a fix yourself as you already know the exploit, so the coder simply have to update its release... this is a community of sharing after all...
|
|
#34
07-03-2007, 12:56 PM
|
||||
|
||||
|
I'd also recommend that as new exploits are discovered, they are given examples, along with the fix, in the private coders forum - probably in a sticky, indexed thread. This way coders can keep up on their old hacks, and avoid possible problems with their new ones.
|
 |
«
Previous Thread
|
Next Thread
»
Linear Mode
|
|
All times are GMT. The time now is 09:26 AM.