vBulletin Bug / Exploit

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Danieldude
    Member
    • Jul 2005
    • 74
    • 4.2.x

    #16
    We're looking into it now.

    Comment

    • MrNase
      Senior Member
      • Jun 2003
      • 3575
      • 3.8.x

      #17
      Even if there is an exploit (which I highly doubt), it's BETA and you install it on your own risk.
      That's the end of that!

      Comment

      • Cen
        New Member
        • Nov 2007
        • 14
        • 3.8.x

        #18
        Originally posted by MrNase
        Even if there is an exploit (which I highly doubt), it's BETA and you install it on your own risk.
        Indeed, but it's always nice to let the public know how to keep their forum secure and safe.

        Comment

        • NewbieGuy
          Member
          • Jan 2008
          • 73

          #19
          Wayne

          Wayne, I read that vbulletin says not to allow html in posts, pm's or signatures.

          Where do we go to turn that feature off? Can we hav eit so we, the Admin can do it only?

          And why have that as a choice for members if we should not allow it?

          Thanks.

          Comment

          • Wayne Luke
            vBulletin Technical Support Lead
            • Aug 2000
            • 73981

            #20
            Originally posted by NewbieGuy
            Wayne, I read that vbulletin says not to allow html in posts, pm's or signatures.

            Where do we go to turn that feature off? Can we hav eit so we, the Admin can do it only?

            And why have that as a choice for members if we should not allow it?

            Thanks.
            HTML is off by default on new installations. There is no option to have it on for Administrators only outside of a plugin that is available at www.vbulletin.org. It is offered because many of our customers use the software in a controlled browser environment such an intranet and they need the feature for their work. Since they know who exactly is accessing their forums there is less risk than enabling it on an open internet site.
            Translations provided by Google.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud demonstration site.
            vBulletin 5 API

            Comment

            • NewbieGuy
              Member
              • Jan 2008
              • 73

              #21
              Originally posted by Wayne Luke
              HTML is off by default on new installations. There is no option to have it on for Administrators only outside of a plugin that is available at www.vbulletin.org. It is offered because many of our customers use the software in a controlled browser environment such an intranet and they need the feature for their work. Since they know who exactly is accessing their forums there is less risk than enabling it on an open internet site.
              I know, Where do we turn it on?

              Is it safe to have on?

              I think it already is on my site since when I put http://www.whatever you can click on the link.

              Is that html?

              Thank you

              Comment

              • syrus.xl
                Senior Member
                • Jun 2005
                • 546

                #22
                Originally posted by NewbieGuy
                I know, Where do we turn it on?

                Is it safe to have on?

                I think it already is on my site since when I put http://www.whatever you can click on the link.

                Is that html?

                Thank you
                That's just parsing links in posts, nothing to do with allowing HTML coding in posts.

                Comment

                • wired420
                  New Member
                  • Dec 2008
                  • 10

                  #23
                  lol

                  Originally posted by Trevor Hannant
                  Can't recall anyone posting here about being hacked due to an exploit in vB code directly - all seem to have been running add-ons/plugins/mods which have cuased the problem.

                  As someone who suffered an attack in the past, it was caused by FlashChat which was tied in to my boards, not the board software itself.
                  Shows how much the vBulletin team goes to exploit sites to look. There are 100's of exploits to obtain admin status over the years available on MANY exploit sites directly related to sloppy coding of the vBulletin core.

                  Comment

                  • Trevor Hannant
                    vBulletin Support
                    • Aug 2002
                    • 24325
                    • 5.7.X

                    #24
                    Originally posted by wired420
                    Shows how much the vBulletin team goes to exploit sites to look.
                    In January 2008 I wasn't staff - didn't join the team until December 2009...
                    Vote for:

                    - Admin Settable Paid Subscription Reminder Timeframe (vB6)
                    - Add Admin ability to auto-subscribe users to specific channel(s) (vB6)

                    Comment

                    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                    Working...