The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
vbBux / vbPlaza v1.5.8 has been released! Details »» | |||||||||||||||||||||||||
A quick release to address a critical bug.
Get it at --> https://vborg.vbsupport.ru/showthread.php?t=106953 A NOTE: This will be one of the last releases of vbBux / vbPlaza in its V1.x format. But do not fear, vbBux / vbPlaza V2.0 is in the pipeline and will be bigger and better than before U ask how can it be bigger and better? Stay tuned!!! -CMX Show Your Support
|
Comments |
#62
|
|||
|
|||
disabled here now *bugger* Iliked this mod
|
#63
|
|||
|
|||
Yes. But I'd still advise you to wait for staff to fix the bug or something.
|
#64
|
|||
|
|||
Oh er....just noticed CMX's last activity time
"Last Activity: 14. Jul 2006 01:10" Maybe time to move onto another store program, if there is one? |
#65
|
|||
|
|||
nope
|
#66
|
|||
|
|||
Nothing worth the effort...besides most hacks that tie into VBPlaza would also have a bunch of dead code in them.....*sigh*
|
#67
|
||||
|
||||
Thanks to the vbulletin team for keeping us safe and up to date. It's very much appreciated.
This hack was a huge, huge part of our site so I sincerely hope it won't be abandoned I'd be more than willing to donate some $$ to help get things patched up. |
#68
|
||||
|
||||
Based on my understanding of the code, (and please note i can be wrong) i reckon that anything that sends out pm's with user input data will create a problem. The issue is that a user can for example in donation enter a custom message that is sent in the pm after passing through the php strip_tags function. Now that function can be exploited . You can do your own research on google.
Please note that i am venturing a guess here and not saying anything with surety. If this is indeed the reason a replacement with htmlentities might do the trick. (or with vb's own function) EDIT: Ok i have reproduced the problem on my test site so please note that this is a sure bug. |
#69
|
|||
|
|||
As many awesome coders we have on this board and somebody can't replicate another store/points hack?
|
#70
|
|||
|
|||
Acres, with your knowledge of the problem, is their a fix? If so, how does one get the fix approved and implemented in to the already existing code, posted on the board for users to add to their code? Just hoping this fabulous MOD can be saved.
|
#71
|
||||
|
||||
here is a temporary fix, i have tested this locally only for the donate function and its working as far as this exploit goes, and since the same logic can be taken for other places where its used we can replace there
go to your vbplaza folder, find occurrences of the following: includes/function_vbplaza.php find around line 152(depending on the version you have) PHP Code:
PHP Code:
vbplaza/action.admindonate.php (line 133) PHP Code:
PHP Code:
goto vbplaza/action.changeotherusertitle.php (line 136) PHP Code:
PHP Code:
goto vbplaza/action.changeusertitle.php (line 87) PHP Code:
PHP Code:
goto vbplaza/action.donate.php (line 164) PHP Code:
PHP Code:
goto vbplaza/action.gift.php (line 209) PHP Code:
PHP Code:
goto vbplaza/action.ribbons.php (line 218) PHP Code:
PHP Code:
the above fixes one part of the exploit. Ofcourse there might be other issues involved also, i am still looking around and maybe others are also. Please note that there might be other code areas that can be exploited also which i don't know yet. Don't think you are safe just by doing the above. The full exploit and what caused it has not been released so all this is guesswork to find the vulnerable part.(btw if this was not one part of exploit, even then it should be in part of the fix as the original code above can be exploited.I just looked at the code and saw this cos the original poster had mentioned something to do with pm text. Wait for an official fix or atleast don't blame me |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|