Security hole in attachment downloads for points.
by Bernd
Released: 05-20-2006
 
No support by the author.

Personally I tend to copy and paste links from the attachment manager into the text editor to link attachment downloads, and I've come across the following issue.

Links in the attachment manager after upload are structured like the example below.

Code:
http://yoursite/forum/attachment.php?attachmentid=137&stc=1&d=1137783349
An equivalent link without stc=1 will subtract the points or show the purchase attachment template.

If you use the links with stc=1, they will be available for free... anybody who knows this can download anything for free, no matter the amount of points needed.

I believe the issue can be easily fixed, but I'm not a PHP expert.
If I'm not mistaken the file to be fixed is plugins/vbplaza_attachment_start.php.

I have a shop built around vbplaza and would love to have this fixed since we are about to launch in a few days.


Comments
#2 (05-22-2006, 11:22 AM) fly

Ooops, that's not good.
#3 (05-22-2006, 11:57 AM) Bernd

nope, it ain't :P
#4 (05-22-2006, 02:09 PM) Ntfu2

I fail to see how this is a "security" hole?
#5 (05-22-2006, 02:13 PM) fly

Quote:
Originally Posted by Ntfu2
I fail to see how this is a "security" hole?

If we're splitting hairs, would you prefer the term exploit?
#6 (05-22-2006, 02:16 PM) Ntfu2

Security hole: In computer software, a security vulnerability is a software bug that can be used deliberately to violate security.

Exploit sounds better
#7 (05-22-2006, 02:24 PM) fly

Quote:
Originally Posted by Ntfu2
Security hole: In computer software, a security vulnerability is a software bug that can be used deliberately to violate security.

Exploit sounds better

Let's discuss why BSD is better than Linux now too! kekekekeke :banana:
#8 (05-22-2006, 04:15 PM) Bernd

Exploit then... sorry that I didn't use the correct terminology. Nonetheless, it is a hole in the bit of code that checks if an attachment should be paid for :P. Call it exploit, hole, security exploit or security hole for my part. It's one thing for certain... it's annoying as hell... or heaven, depending on your 'religious' preferences.
#9 (05-23-2006, 12:32 AM) Hornstar

Quote:
Originally Posted by Bernd
Exploit then... sorry that I didn't use the correct terminology. Nonetheless, it is a hole in the bit of code that checks if an attachment should be paid for :P. Call it exploit, hole, security exploit or security exploit for my part. It's one thing for certain... it's annoying as hell... or heaven, depending on your 'religious' preferences.

amen :banana:
#10 (05-31-2006, 06:44 PM) Quarterbore

So, has anybody recoded this to use a POST instead of a GET? This is a simple fix from 1st look....
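The defect the opening post describes, and the GET-versus-POST suggestion in the post above, modelled as an added illustration that is not vbPlaza's own code: a purchase gate at attachment_start that lets a client-supplied stc flag short-circuit the charge, beside a version that decides from server-side state only. The function names, array fields and sample values are hypothetical stand-ins for the plugin's data; it assumes the plugin treats stc=1 (the flag the attachment manager puts on its own links) as "do not charge".

```php
<?php
// Added illustration, not vbPlaza's actual code. Names, fields and the
// $request array are hypothetical stand-ins for the plugin's own data.

// Vulnerable shape: a request flag (stc) short-circuits the purchase check,
// so any link carrying stc=1 is served without charging, whatever the price.
function vulnerable_should_charge(array $request, array $attachment, array $user): bool
{
    if (!empty($request['stc'])) {          // trusts a value the client sets
        return false;
    }
    return $attachment['points'] > 0 && !$user['already_purchased'];
}

// Hardened shape: the decision uses only server-side facts (price, uploader,
// purchase record). Request parameters may decide whether the download counter
// is updated, never whether the file is paid for. Moving the link from GET to
// POST would not change this on its own, since a POST body is just as
// client-controlled as a query string; the fix is in what the gate consults.
function hardened_should_charge(array $request, array $attachment, array $user): bool
{
    if ($attachment['points'] <= 0) {
        return false;                         // free attachment
    }
    if ($user['userid'] === $attachment['userid']) {
        return false;                         // uploader downloads their own file
    }
    return !$user['already_purchased'];       // charge unless a purchase is on record
}

// Constructed sample: a 50-point attachment, a non-owner who has not bought it,
// requested through an attachment-manager style link that carries stc=1.
$request    = ['attachmentid' => 137, 'stc' => 1, 'd' => 1137783349];
$attachment = ['attachmentid' => 137, 'userid' => 10, 'points' => 50];
$user       = ['userid' => 42, 'already_purchased' => false];

// Compare both gates on the same request: the vulnerable one waives the charge
// because of the flag, the hardened one still requires a purchase.
echo 'vulnerable gate charges: ';
var_dump(vulnerable_should_charge($request, $attachment, $user));
echo 'hardened gate charges: ';
var_dump(hardened_should_charge($request, $attachment, $user));
```

A useful regression check after patching is to request a priced attachment with and without stc=1 from a non-owner account and confirm both paths hit the purchase template or deduct points.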