Sorry, I can't help Alex, but [encourage]please keep at it![/encourage] I've subbed to this thread, so if you solve it, please post again
YUI flash uploader exploit and the vb recommended fix
Collapse
X
-
-
That is a pretty shocking statement as it simply reads as IB not caring that you suddenly have 100s if not 1000s of customers who have lost a pretty significant piece of basic functionality and are fine with relegating them back to the stone age of uploading a single file at a time. Is this REALLY where IB is at? Are they purposefully trying to push customers to other products?👍 1Comment
-
You're kidding, right? "Find Bug, remove functionality" as a support method was what soured me on Intuit's software.Bob Hubbard
WebMaster, SilverStar WebDesigns Inc.Comment
-
Is there anyone here who is decent with Flash?
I've been having a go at fixing this but I've never worked with Flash before and I'm stuck. I have got as far as decompiling uploader.swf, locating the offending piece of code, writing a REGEX to sanitise the allowedDomains parameter, recompiling and confirming the exploit itself is fixed.
The problem?
The actual uploading function is broken!
It goes through all the motions selecting the files properly and then fails at the last hurdle when you press the Upload button... basically nothing happens. If there is a Flash guru on here I will be happy to share the Flash source code of my attempt so far on the understanding that if we get it working the fix will be made available to all.
Alex
/http://www.garage4hackers.com/showthread.php?t=5167Comment
-
Well I have just started this process now as you say no customers support these days, take it or leave it type attitude. I will rather just leave it now while I still have a bit of a forum to convert as who know what will be next.👍 1Comment
-
Comment
-
Following my last post I think I've managed to fix the flash file... The problem was with the decompiled source. I managed to find the original Actionscript source code for YUI 2.9.0 here:
I used that to replace some of the decompiled source from uploader.swf and then recompiled with a REGEX to sanitise allowedDomain. The result is a working uploader.swf that passes the exploit proof of concept
PHP Code:uploader.swf?allowedDomain=\%22}%29%29%29}catch%28e%29{alert%28document.domain%29;}//
If there are any proper Flash developers out there who can double check my code I will be happy to share the source!
DISCLAIMER: I am not a flash developer, I am just another vBulletin customer trying to keep his members happy! This file is provided free of charge for the benefit of the vBulletin community. You use it at your own risk! Please test before using on a live site!!
I have moved the .zip file to vbulletin.org as it's easier to maintain in just one place!
DOWNLOAD HERELast edited by alexm; Fri 14 Feb '14, 10:46am.👍 5Comment
-
Following some extremely helpful suggestions from FranzBanz I've updated the above .zip file with v2 of the patched flash uploader
1) finding another exploit (using another parameter). Exploit fixed by setting the parameter (not used by vBulletin) to null.
2) '-' added to allowed characters in allowedDomainLast edited by alexm; Sat 11 Jan '14, 1:00pm.👍 1Comment
-
Following some extremely helpful suggestions from FranzBanz I've updated the above .zip file with v2 of the patched flash uploader
1) finding another exploit (using another parameter). Exploit fixed by setting the parameter (not used by vBulletin) to null.
2) '-' added to allowed characters in allowedDomainComment
-
Hi Dmitri,
Unless anyone else can find any further problems which need fixing I'm not intending to develop it further. The .zip file posted earlier contains a working uploader.swf with the allowedDomain exploit fixed plus another potential exploit also fixed so those who want to stick with the flash uploader are now able to return the functionality back to exactly what it was before all this started, which was the main goal of this exercise.
Alex👍 1Comment
-
Hi Alex
Well my members and I really want to thank you.
I now have the forum back to where it was before this nonsense happened.
What a shame this was not sorted by vBulletin.
regards
TrevorRegards
Trevor👍 1Comment
-
The only problem I've found is with my installation of IE-10 is it works fine with quick reply, but in advanced reply or new thread files get uploaded, but the files don't populate in the 'Attachments' box for 'manage attachments'. You have to exit the upload screen and refresh the editor page. If you do that the files are there.Last edited by mediasnog; Mon 13 Jan '14, 4:36am.Fedora 15 - Apache/2.2.22 - PHP:5.3.13 (switchable Fast-CGI, CGI, Mod-PHP, SuPHP) - MySQL:5.5.23Comment
Related Topics
Collapse
-
by frank47Adding a Flash header.
I am trying to add a flash movie to the header.
Can easily add an image, but not object or java - driving me nuts. Have tried various approaches without success....-
Channel: Support Issues & Questions
-
Comment