new XSS vulnerability [4.0.2 PL 1] we are affected?


  • #16
    Hi,
    But how about sending out a newsletter, informing the customers and recommending that they change these lines of code?

    Christian
    My Sites in German: Brasilien with Brasilien Forum



    • #17
      Originally posted by CThiessen
      But how about sending out a newsletter, informing the customers and recommending that they change these lines of code?
      My mailbox will be full to bursting. But it is a good idea.



      • #18
        Hi,
        And find a "special" system for security-related information, e.g. a special sender that allows the customer to handle security messages in a special way:
        a pop-up window, forwarding to the admin on duty, forwarding to SMS, or whatever.

        Christian
        Last edited by CThiessen; Sun 21 Mar '10, 8:40am.
        My Sites in German: Brasilien with Brasilien Forum



        • #19
          Originally posted by Paul M
          Quick [temp] fix ;

          Search the templates for {vb:raw query} replace with {vb:var query}

          There are about 10 of them.
          Can you use Find and Replace in Templates for that (be careful!)?
          I see more than 10, I think.

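The difference between the two template tags in Paul M's temporary fix is the whole point of the patch, so here is an added illustration (not vBulletin code, and not a real vBulletin template): a toy renderer that treats {vb:raw name} as verbatim substitution and {vb:var name} as HTML-escaped substitution, which is the assumed vBulletin 4 semantics. The sample template, the search string and the function names render, fix_raw_query and demo are all constructed for this example.

```python
import html
import re

# Toy renderer for the two vBulletin 4 template tags under discussion.
# vBulletin itself compiles templates to PHP; this is an added illustration,
# not vBulletin code. Assumed semantics: {vb:raw name} substitutes the value
# verbatim, {vb:var name} substitutes it HTML-escaped.
TAG_RE = re.compile(r"\{vb:(raw|var) (\w+)\}")


def render(template, variables):
    """Expand {vb:raw x} and {vb:var x} tags with the toy semantics above."""
    def expand(match):
        kind, name = match.group(1), match.group(2)
        value = str(variables.get(name, ""))
        # raw: attacker-controlled text lands in the page unchanged
        # var: <, >, &, " and ' become entities, so it stays text
        return value if kind == "raw" else html.escape(value, quote=True)
    return TAG_RE.sub(expand, template)


def fix_raw_query(template):
    """Apply the temporary fix from the thread: {vb:raw query} -> {vb:var query}.

    Returns (rewritten_template, number_of_tags_changed) so an admin can see
    how many occurrences a template actually contained.
    """
    return re.subn(r"\{vb:raw query\}", "{vb:var query}", template)


# Constructed sample template, loosely shaped like a search-results heading.
SAMPLE_TEMPLATE = (
    '<h2>Search results for: {vb:raw query}</h2>\n'
    '<input name="q" value="{vb:raw query}">'
)

# Constructed attacker-controlled search string: breaks out of the value=""
# attribute and injects a script element when substituted raw.
MALICIOUS_QUERY = '"><script>alert(1)</script>'


def demo():
    """Render the sample template before and after the fix with the same input."""
    before = render(SAMPLE_TEMPLATE, {"query": MALICIOUS_QUERY})
    fixed, count = fix_raw_query(SAMPLE_TEMPLATE)
    after = render(fixed, {"query": MALICIOUS_QUERY})
    return before, after, count


if __name__ == "__main__":
    before, after, count = demo()
    print("unpatched template renders:\n" + before)
    print(f"\npatched template ({count} tags replaced) renders:\n" + after)
```

Running it shows the unpatched rendering containing a live script element, while the patched rendering contains only &quot;&gt;&lt;script&gt;... as inert text. The same search-and-replace is what the admin-panel "Find and Replace in Templates" does across every template, which is why the count in the thread varies with which templates (forum only versus full suite) are installed.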


          • #20
            Originally posted by harleyparts
            Can you use Find and Replace in Templates for that (be careful!)?
            I see more than 10, I think.
            Yes, I do it like that and I don't encounter any trouble.



            • #21
              **sigh** Let's get a little realistic here, shall we? With each vulnerability found in the vBulletin software, how many sites were actually compromised? And out of all those sites that use vBulletin, what is the actual percentage of sites that get nailed before a fix is released? I'd be willing to bet that very few sites are compromised before a fix is released.

              So to everyone going "OH MY GOD FIX IT NOW!", take a chill pill. Besides, if your hosting company is worth anything, they should be catching these attempts at the server level before it even reaches the forum software. And if you run your own boxes, you should be running mod_security to catch these attempts anyway.

              Good grief. You'd think that the end of the world was just announced.
              I drank WHAT?! - Socrates



              • #22
                Originally posted by harleyparts
                Can you use Find and Replace in Templates for that (be careful!)?
                I see more than 10, I think.
                I found 9 templates that needed to be changed using that method.
                I drank WHAT?! - Socrates



                • #23
                  Originally posted by Biker
                  I found 9 templates that needed to be changed using that method.
                  lol, yeah, I'm more worried about messing it up than getting hacked... hmm, what to do... Maybe I'll wait a day or two :>



                  • #24
                    vBulletin 4.0.2 PL2 temporary patch released: http://www.vbulletin.com/forum/showthread.php?346345 (screenshot: http://dl.dropbox.com/u/693961/402pl2.png)



                    • #25
                      Regarding this: http://www.vbulletin.com/forum/showt...S-Vunerability

                      Why can't I use What's New any more? I can't even use the search box in my forum after replacing the type.php file.

                      Thanks



                      • #26
                        I have the 4.0.2 patch... not sure what 4.0.2 PL2 is.

                        But I can wait anyway, I guess... Don't hack me, dang it.



                        • #27
                          Originally posted by tonetu
                          Regarding this: http://www.vbulletin.com/forum/showt...S-Vunerability

                          Why can't I use What's New any more? I can't even use the search box in my forum after replacing the type.php file.

                          Thanks
                          Redownload the file. There was a problem with the first attachment.

                          Please don't PM or VM me for support - I only help out in the threads.
                          vBulletin Manual & vBulletin 4.0 Code Documentation (API)
                          Want help modifying your vbulletin forum? Head on over to vbulletin.org
                          If I post CSS and you don't know where it goes, throw it into the additional.css template.

                          W3Schools <- awesome site for html/css help



                          • #28
                            Originally posted by Lynne
                            Redownload the file. There was a problem with the first attachment.
                            Thanks, now it's working.



                            • #29
                              Originally posted by Biker
                              I found 9 templates that needed to be changed using that method.
                              Yep, I only counted quickly at the time - I believe it's 9 if you have the suite installed, fewer for forums only.

                              However - there is now an official patch available which involves a file edit or replacement - I would suggest admins now use that.
                              Baby, I was born this way



                              • #30
                                Neither works for me; the McAfee PCI compliance scan still reports it as a fail.
