Announcement

Collapse
No announcement yet.

Non-critical exploit (of sorts)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Non-critical exploit (of sorts)

    Well... one of our users today tried a fun gimmick...

    He tried to see what could be done with the IMG tag.

    So what he did was put a MAILTO url inside an IMG tag...

    [ img ]mailto:[email protected][ /img ]

    Appearently... this gets parsed as < img src="mailto:[email protected]" >

    And... oddl enough... it causes your default email client to automatically pop up a new message window, just as if you had clicked a normal mailto.

    The problem lies in the fact that in this person's test post...

    He put in over 150 IMG-mailto tags.

    Which caused 150 windows to pop up and crashed his comp.

    See the problem?

    Anyhow, just thought I'd share... perhaps the developers will have a way to stop this.

  • #2
    I just tried it on my test forum, and, it just makes a mailto link, no popup email client........

    Comment


    • #3
      Same here...

      Could it be a brower-specific issue? I didn't notice a browser mentioned.
      Boardoo.com - Hosting, Software, WHMCS Addons, and whole lot more.
      Featuring vBLink :: The vBulletin Integration Suite for WHMCS

      Comment


      • #4
        I believe that this potential exploit was fixed in a version > 2.0.3...try upgrading and let us know if the problem persists.

        Comment


        • #5
          What browser and email client where they using?

          If they are using Outlook 2000, they should install SR-1 and SR-2 for it. Both have been available for over a year now.
          Translations provided by Google.

          Wayne Luke
          The Rabid Badger - a vBulletin Cloud demonstration site.
          vBulletin 5 API - Full / Mobile
          Vote for your favorite feature requests and the bugs you want to see fixed.

          Comment


          • #6
            They should, however, carefully weigh the options before installing SR-2 as it will completely disable their ability to receive EXE (and a number of other) attachments.

            Comment


            • #7
              Originally posted by Stallion
              I believe that this potential exploit was fixed in a version > 2.0.3...try upgrading and let us know if the problem persists.
              We haven't upgraded past 203 for a couple of good reasons...

              #1: Our board is just so overly hacked it's not funny, with a lot fo the hacks consisting of one or two lines of code in various places... and no log to keep track of them... yes, I'm dumb.

              #2: An attempted test upgrade to 220 anyways resulted in seriously bad problems, and was considered simply not feasible.

              We're waiting on v3 for upgrading.

              Comment


              • #8
                Perhaps you could turn down the number of images that you allow people to post? 150 seems rather unreasonable.

                John
                John Percival

                Artificial intelligence usually beats real stupidity ;)

                Comment

                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                Working...
                X