Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
Reload this Page Urgent Fix needed, [img] tag abuse
FAQ Community Calendar Today's Posts Search

Reply
Page 1 of 2 1 2
 
Thread Tools Display Modes
  #1  
Old 08-15-2008, 08:42 PM
PaintBallFM PaintBallFM is offline
 
Join Date: May 2008
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Urgent Fix needed, [img] tag abuse
It appears that you can abuse the tags to load anything.

On a habbo forum i visit (habboxforum.com), i was testing somthing doing

Code:
[img ]http://www.habboxforum.com/?style=1[/img ]
Code:
[img ]http://www.habbo.com/account/logout[/img ]
and they both worked.
Now i am a bit worried for my own forum & everyone else that this can easily be exploited.
Thanks, Dominic Lipscombe.
Reply With Quote
  #2  
Old 08-15-2008, 08:45 PM
Opserty Opserty is offline
 
Join Date: Apr 2007
Posts: 4,103
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I don't see what the problem is...

Can you provide screenshots or a link or something?
Reply With Quote
  #3  
Old 08-15-2008, 08:47 PM
PaintBallFM PaintBallFM is offline
 
Join Date: May 2008
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I would, but im banned for 24 hours from HxF :down:
Reply With Quote
  #4  
Old 08-15-2008, 08:51 PM
Opserty Opserty is offline
 
Join Date: Apr 2007
Posts: 4,103
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
See if you can recreate it on your own forum then and post the results if you are successful because I really don't understand what is supposed to be going on here. (BBCode is parsed within [code] tags).
Reply With Quote
  #5  
Old 08-15-2008, 09:03 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Under bvoptions > Message Posting and Editing Options, make sure to set this to No:
Allow Dynamic URL for [IMG] Tags
With this option set to 'no', the [IMG] tag will not be displayed if the path to the image contains dynamic characters such as ? and &. This can prevent malicious use of the [IMG] tag.
Reply With Quote
  #6  
Old 08-15-2008, 09:05 PM
PaintBallFM PaintBallFM is offline
 
Join Date: May 2008
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Yes i can reproduce this


goto: http://forum.truecrimegaming.com/sho...hp?p=94#post94

and press f5 once its loaded
Reply With Quote
  #7  
Old 08-15-2008, 09:17 PM
Opserty Opserty is offline
 
Join Date: Apr 2007
Posts: 4,103
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
See Lynne's post.

(I search all over vBulletin Options for that setting and couldn't find it! I knew it was there somewhere. )
Reply With Quote
  #8  
Old 08-18-2008, 03:23 AM
Videx's Avatar
Videx Videx is offline
 
Join Date: Feb 2007
Posts: 3,085
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Lynne View Post
Under bvoptions > Message Posting and Editing Options, make sure to set this to No:
Allow Dynamic URL for [IMG] Tags
I don't have that option there (in 3.7.2).
Reply With Quote
  #9  
Old 08-18-2008, 03:36 AM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Videx View Post
I don't have that option there (in 3.7.2).
Hmmm, I wonder what they did with it for 3.7.x?

edit: Interesting... I found this on vb.com but nowhere do they say why it was removed - 3.7.0 deprecated "Allow Dynamic URL for [IMG] Tags"
Reply With Quote
  #10  
Old 08-18-2008, 08:08 AM
Opserty Opserty is offline
 
Join Date: Apr 2007
Posts: 4,103
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Did they enable it or disable it by default then?

The vB.com staff seemed awfully unhelpful on that occasion
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 08:17 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.07471 seconds
  • Memory Usage 2,252KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_code
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete