
Thread: Exploit In Your Forum

  1. #1
    Exploit In Your Forum

    http://www.exploit-db.com/exploits/14833/


    Code:
    #  Patch :  #######################################################################
     
    1 > Go to AdminCP
     
    2 > Click on vBulletin Options and choose vBulletin Options
     
    3 > Choose Censorship Options
     
    4 > type &# in Censored Words section
     
    5 > Then click on Save
    Using ASCII codes you can make any name you like.
    Included is how to fix it.

  2. #2
    I think someone should check this.

    ~onilika
    ''If you want something you've never had, you have to do something you've never done''


    total leve 2715/1b exp +... exterminated.

  3. #3
    O.o lolwut?

  4. #4
    It's an old exploit but it works..

    Powered by vBulletin® Version 3.8.4
    Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
    vBulletin Skin developed by: vBStyles.com


    It's the same Database I use when finding exploits for use with Metasploit and Backtrack 5.. So.. this needs to get fixed..
    I am Ggzz..
    Hackintosher

  5. #5
    Originally posted by ggzz:
        It's an old exploit but it works..

    Nah I don't think it does.

  6. #6
    Originally posted by ggzz:
        Ya think?

    LOL!!!!!! LOLOL nice.. Hmm. and u can edit posts without it showing.. wow..

  7. #7
    Breaking news: vBulletin is a piece of shit.

    Thanks for the report though.


    Send SMS messages using Simba
    Please do not send me a PM asking for help; I will not be able to help you! Post in a relevant thread or make your own! And always remember to search first!

  8. #8
    It's what happened to PatDuffy, why he couldn't view his PMs and such. It's not really a dangerous exploit, but the version of vBul should probably be updated...

  9. #9
    Vbul will always have exploits as long as there are people who search for them :/ also at least the solution isn't extremely long and confusing :/

    ~Bro433
    Last edited by Swatarianess; 01-06-2012 at 07:53 PM.
    I'm not a lesser Being imma Lesser demon


    http://i.imgur.com/faGr0.png << First Script With Paint. Good First proggy? exp 21k/hr is ok pretty buggy

  10. #10
    Conclusion of this thread: vBulletin sucks, and nielsie95 / Wizzup has some work to do.

    Also; Change to phpBB

  11. #11
    When I applied that fix, all the code blocks were broken.



    The best way to contact me is by email, which you can find on my website: http://wizzup.org
    I also get email notifications of private messages, though.

    Simba (on Twitter | Group on Villavu | Website | Stable/Unstable releases
    Documentation | Source | Simba Bug Tracker on Github and Villavu )


    My (Blog | Website)

  12. #12
    Example of what I mean:

    Simba Code:
    program new;


    var
      R, G, B: Integer;
      _R, _G, _B: Integer;
      H, S, L: Extended;
      X, Y, Z: Extended;
      ll, A, bb: Extended;

    begin
      ClearDebug;
      ColorToRGB(4091733, R, G, B);
      Writeln('(R, G, B) ' + IntToStr(R) + ', ' + IntToStr(G) + ', ' + IntToStr(B));

      RGBToHSL(R, G, B, H, S, L);
      Writeln('(H, S, L) ' + FloatToStr(H) + ', ' + FloatToStr(S) + ', ' + FloatToStr(L));

      HSLToRGB(H, S, L, _R, _G, _B);
      Writeln('(R, G, B) ' + IntToStr(_R) + ', ' + IntToStr(_G) + ', ' + IntToStr(_B));

      RGBToXYZ(R, G, B, X, Y, Z);
      Writeln('(X, Y, Z) ' + FloatToStr(X) + ', ' + FloatToStr(Y) + ', ' + FloatToStr(Z));

      XYZToRGB(X, Y, Z, _R, _G, _B);
      Writeln('(R, G, B) ' + IntToStr(_R) + ', ' + IntToStr(_G) + ', ' + IntToStr(_B));

      XYZToCIELab(X, Y, Z, bb, A, ll);
      Writeln('(L, A, B) ' + FloatToStr(L) + ', ' + FloatToStr(A) + ', ' + FloatToStr(ll));

      CIELabtoXYZ(bb, A, ll, X, Y, Z);
      Writeln('(X, Y, Z) ' + FloatToStr(X) + ', ' + FloatToStr(Y) + ', ' + FloatToStr(Z));

      setcolortolerancespeed(3);
      Writeln(SimilarColors(4091733, 255, 150));
    end.




  13. #13
    Someone try again, now?




  14. #14
    Originally posted by Wizzup?:
        Someone try again, now?

    stop triple posting you noob

    love you
    Did someone say GDK?

  15. #15
    Originally posted by Wizzup?:
        Someone try again, now?

    Xploit fixed.. Dunno what that code above is though :S if that's for the simba tags, those were broken ages ago when editing them..

  16. #16
    Originally posted by ggzz:
        Xploit fixed.. Dunno what that code above is though :S if that's for the simba tags, those were broken ages ago when editing them..

    The filter also filters ( and ), that's why it doesn't work. I've used a different method, so it should work fine now.




  17. #17
    Thanks for reminding, we had a lot of fun testing this exploit ~6 months ago.
    I made a new script, check it out!.

  18. #18
    Originally posted by Wizzup?:
        When I applied that fix, all the code blocks were broken.

    PHP Code:
    .simba {
      font-family: monospace;
    }

    or

    PHP Code:
    <div class="simba" style="font-family: monospace;">

    Well what d'ya know? It works now!

    Also, found your problem:
    PHP Code:
    .alt2 {
      ...
      font-family: tahoma,verdana,geneva,lucida,'lucida grande',arial,helvetica,sans-serif;
    }

    Create a new class, alt3, and give it the same properties, except change the font-family to monospace.
    Last edited by Daniel; 01-09-2012 at 08:44 AM.
    You may contact me with any concerns you have.
    Are you a victim of harassment? Please notify me or any other staff member.

    | SRL Community Rules | SRL Live Help & Chat | Setting up Simba | F.A.Q's |
