The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!
#1
VBPager
Is there any information about the vulnerability? I'd like a little info to figure out what the risk is. My forum is STILL reeling from losing vbplaza and now they are going to friggin riot. lol
I just want to know what I'm getting myself into if I keep it, or if I need to just hold my breath and jump in the croc pond and uninstall it.
#2
We cannot disclose the nature of its vulnerabilities as this information could be used to exploit boards who have not disabled or uninstalled it.
#3
I cannot download the zip for vbpager. I can't seem to find it on my computer either. I have uninstalled the product but I want to be sure I revert all the template edits and delete all the files but I need the zip to do it. How can I get it?
#4
Right Kirk, I don't want to know HOW to do it. Just what they can do to my forum if they know the exploit.
Like, can they delete posts? Members? Steal cookies? That kind of thing.
#5
I haven't looked at each and every find for that specific release, but to my knowledge one could conceivably retrieve sensitive information from the database and have it "paged" to them, ironically enough.
#6
Good enough for me to shut it off.. and keeping it a secret is the best idea.. It makes the vulnerability worse if you start publishing what it does
#7
Here's the readme, for those who need it:
Quote:
#8
Not asking for details about the vulnerability, I understand why they shouldn't be disclosed, I just have one basic question.
In order to use the exploit, someone would have to have access to the pager system, correct? I'm thinking of limiting access to it to just a specific usergroup on my site, with only people I trust.
#9
Yes, users need to be able to access the pager to actually use the vulnerability.
#10
My members have voted unanimously to remove the security risk. So away it goes. Thank you for your answer Kirk!