vBulletin Mods

The Official vBulletin Modifications Site
https://www.vbulletin.org/forum/showthread.php?t=201286

peterle1 03 Mar 2009 15:18

Quote:

Originally Posted by JohnBee (Post 1759038)
This ones wacked
Cookie problems and doesn't allow return on 3.8.1
Hope it gets fixed, I really liked this mod

You can only return when you lokk at a thread.
Think one can change this with an template edit.

KURTZ 05 Mar 2009 11:34

onto 3.8.1 i've a 'no permission' error when i select the button, but if i refresh the page i'm logged with the other account ... it's weird ...

any tip to fix this?

monika 07 Mar 2009 12:01

Thanks. works on 3.8.1:)

KURTZ 11 Mar 2009 15:49

Quote:

Originally Posted by KURTZ (Post 1760937)
onto 3.8.1 i've a 'no permission' error when i select the button, but if i refresh the page i'm logged with the other account ... it's weird ...

any tip to fix this?

news about this issue? :confused:

Megatr0n 14 Mar 2009 15:53

Done.

Valter 14 Mar 2009 19:35

Thanks, this will be fixed.

You should remove error details from your post. ;)

updated 24 Mar 2009 22:03

This seems to have a problem with logging in to a username that has an apostrophe/single quote in it. Otherwise seems fine in 3.8.1.

Invalid SQL: INSERT INTO `moderatorlog`
(userid, dateline, action, ipaddress)
VALUES ('x', '123456789', 'Logged in as <a href="http://----.com/member.php?u=1234">Example's Badname</a>', '1.2.3.4');

For a temporary workaround, I just changed the line that constructs that phrase ($cybltua_loginfo = ) to put in a userid instead of the name.

Thanks.

Sweeks 30 Mar 2009 10:16

There is a serious security bug in this modification which can allow a member to access any user account. DO NOT INSTALL! Been hacked twice because of this product!
________
TOYOTA 4RUNNER

KURTZ 30 Mar 2009 10:52

*uninstalled: waiting for Cyb's feedbacks and fixes ...

OmniBuzz 30 Mar 2009 15:48

Installed and uninstalled (few issues with ssl) I 'll check it later...

Valter 30 Mar 2009 16:29

Quote:

Originally Posted by Sweeks (Post 1780233)
There is a serious security bug in this modification which can allow a member to access any user account. DO NOT INSTALL! Been hacked twice because of this product!

Impossible.

You can always check in moderator log who used this hack.

Sweeks 30 Mar 2009 17:45

Quote:

Originally Posted by Cybernetec (Post 1780386)
Impossible.

You can always check in moderator log who used this hack.

There is some form of security bug in this which allows even a guest to use it. If I could PM you I would let you experience the flaw as I dont wish to post it publically.

Now unless there is something wrong with how I have set this up then there definitely is a problem. The only users I have allowed to use this is two admin accounts, I dont understand how guests could use it.
________
Extreme Vaporizer Sale

Sweeks 30 Mar 2009 20:57

We have also found out that users were able to use the login to user account via a link on all members profiles as a guest.
________
BODY SCIENCE

Raptor 30 Mar 2009 22:53

http://www.vbulletin.org/forum/showthread.php?t=168819

this works great on vb 3.8.1

Sweeks 30 Mar 2009 23:03

Quote:

Originally Posted by Raptor (Post 1780657)

Apparently not fully:

http://www.vbulletin.org/forum/showp...&postcount=247

I hope that this is something I have overlooked.
________
Ferrari Fx


All times are GMT. The time now is 08:48.

Powered by vBulletin® Version 3.8.14
Copyright © 2021, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Copyright ©2001 - , vbulletin.org. All rights reserved.