PDA

View Full Version : Style / Template / Replacement Hack For Moderators


blackice912
21 Sep 2002, 08:12
Alright, I've finally finished working on this darn thing and ready for a beta release!

This hack impliments the Style, Template, and Replacement hack into one hack since it was the best way to work on it and easy to setup.

Please read the readme file before you install it.

For the style part, view this thread for screenshots (http://www.vbulletin.org/forum/showthread.php?s=&threadid=43599)

For the template part, view this thread for screenshots (http://www.vbulletin.org/forum/showthread.php?s=&threadid=43520)

For the replacement part, view this thread for screenshots (http://www.vbulletin.org/forum/showthread.php?s=&threadid=43566)

Also remember: It's a beta. There will probably be bugs I haven't found.

--------------------------
SECURITY FIX IF YOU USE XENON'S "MODS CAN EDIT USERS"
(http://www.vbulletin.org/forum/showthread.php?s=&threadid=42096)
Security fix by me, thanks to Xenon for pointing out where to edit the code
--------------------------
1. Open user.php in your forums/mod/ folder

2. Find the following:
--------------------------
if($canedit[profilefields]) {
maketableheader("Custom Profile Fields");
$userfield=$DB_site->query_first("SELECT * FROM userfield WHERE userid=$userid");

$profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
while ($profilefield=$DB_site->fetch_array($profilefields)) {
$varname="field$profilefield[profilefieldid]";
makeinputcode($profilefield[title],"field".$profilefield[profilefieldid],$userfield[$varname]);
}
}
---------------------------

Replace it with:
---------------------------
if($canedit[profilefields]) {
maketableheader("Custom Profile Fields");
$userfield=$DB_site->query_first("SELECT * FROM userfield WHERE userid=$userid");

$profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
while ($profilefield=$DB_site->fetch_array($profilefields)) {
$varname="field$profilefield[profilefieldid]";
if ($varname != "field999")
if ($varname != "field998")
if ($varname != "field997")
makeinputcode($profilefield[title],"field".$profilefield[profilefieldid],$userfield[$varname]);
}
}
-----------------------------

Find:
---------------------------
if($canedit[profilefields]) {
$profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
while ($profilefield=$DB_site->fetch_array($profilefields)) {
$varname="field$profilefield[profilefieldid]";
$sql.=",field$profilefield[profilefieldid]='".addslashes($$varname)."'";
}
$DB_site->query("UPDATE userfield SET userid=$userid$sql WHERE userid=$userid");
}
---------------------------
Replace it with:
if($canedit[profilefields]) {
$profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
while ($profilefield=$DB_site->fetch_array($profilefields)) {
$varname="field$profilefield[profilefieldid]";
if ($varname != "field999")
if ($varname != "field998")
if ($varname != "field997")
$sql.=",field$profilefield[profilefieldid]='".addslashes($$varname)."'";
}
$DB_site->query("UPDATE userfield SET userid=$userid$sql WHERE userid=$userid");
}

Save and upload.

That's it, your forums are now secure from moderators breaking your security!
-----------------------------

Now...onto the download...

Oh, and if you use it, please click install! (http://www.vbulletin.org/forum/misc.php?s=&action=install&threadid=43781) :)

Dean C
21 Sep 2002, 10:33
nice to see these coming together... good work :D

You have a PM from me btw ;)

- miSt

blackice912
21 Sep 2002, 20:24
Thanks :)

And I replied to your PM

SZ|TalonKarrde
21 Sep 2002, 21:08
I posted a link to this thread in all the others, just in case they go to those instead of this one

blackice912
21 Sep 2002, 21:11
heh, I had already posted an edit in those threads about this one :p

SZ|TalonKarrde
22 Sep 2002, 07:28
Darn =(

Webmasta XT
22 Sep 2002, 16:16
rofl, very very useless for me, but nice for some ppl, if i wanted mods to edit templates, why wouldn't I make them admins? lol

FleaBag
22 Sep 2002, 17:15
Because you wouldn't want them to be able to mass delete parts of your database or let them edit forums and users - obviously. Before you try belittling the hard work of a hacker, try rubbing those two brain cells together and think for a moment. Great work on this hack, this is exactly what my hosted forums on GamerForums need.

FleaBag
22 Sep 2002, 18:08
OK, first bug... Once installed, clicking "Edit Forum Style" causes the browser to attempt to connect to a secure area of stardust-one.net.

blackice912
22 Sep 2002, 21:31
haha crap sorry about that, I forgot to change the redirect crap

*goes to update*

blackice912
22 Sep 2002, 21:38
Ok if you already have it installed, open up style.php in your mod folder and find:

location.replace(\"http://www.stardust-one.net/forums/mod/style.php?s=$session[sessionhash]&action=styles&dostyleid=$bbuserinfo[field998]\");

And replace it with:

location.replace(\"style.php?s=$session[sessionhash]&action=styles&dostyleid=$bbuserinfo[field998]\");

Still in that file, find:


alert(\"You are not authorized to view this area\")
location.replace(\"http://www.stardust-one.net/forums/mod/\");

And replace it with:

alert(\"You are not authorized to view this area\")
location.replace(\"index.php?s=&action=home\");

And still in that file, find:

alert(\"You are not authorized to view this area\")
location.replace(\"http://www.stardust-one.net/forums/mod/index.php?s=&action=home\");

Replace it with:

alert(\"You are not authorized to view this area\")
location.replace(\"index.php?s=&action=home\");

heh, I totally forgot to fix those. Going to update zip file now.

blackice912
22 Sep 2002, 21:42
Zip file updated. Removed vbHacker file because that takes a little longer to update

blackice912
23 Sep 2002, 00:06
I found another flaw. If you use Xenon's "Mods Can Edit Users" hack and then use my fix above, when a Mod edits his or her profile through the system, it erases the information in the fields that were hidden. I guess Xenon was correct about the fix and I think he posted his ideas in another thread so I'll go look and see what I can do.

If you don't use that hack, then no changes for you. :)

blackice912
23 Sep 2002, 00:18
Flaw fixed, main post updated. Thanks Xenon for pointing out what code should be edited.

FleaBag
23 Sep 2002, 11:34
Good work dude, I can't see any other problems in the hack so far!

blackice912
23 Sep 2002, 16:47
Well I found a security flaw, so I need to go in and fix it. It's a really really small flaw but might as well fix it. :)

SZ|TalonKarrde
24 Sep 2002, 00:14
Of course you need to fix it =P

blackice912
24 Sep 2002, 21:43
Go away little man :p litte Tyro Hacker

FleaBag
26 Sep 2002, 11:22
Have you fixed the flaw? I'd like to update my install.

SZ|TalonKarrde
26 Sep 2002, 19:53
That's it. I'm going to release a hack just to spite you.

blackice912
27 Sep 2002, 08:57
Originally posted by GamerForums
Have you fixed the flaw? I'd like to update my install.

Oops, ha I forgot to upload it. My bad, I'll do it after school today.

Originally posted by SZ|TalonKarrde
That's it. I'm going to release a hack just to spite you.

Big words little man :D

SZ|TalonKarrde
28 Sep 2002, 19:29
Originally posted by blackice912

Big words little man :D

I alreeady posted the idea in the SD1 exec forums...now I just have to learn how to do all of that =P./me decides to go for intergration instead of a completely new system.

blackice912
01 Oct 2002, 03:31
Hey everyone,

I've been freakin busy so I haven't had time to finish the patch. I hope to have it out this week but I have SO much to do it's insane.

g-force2k2
01 Oct 2002, 04:46
DISCLAIMER

This is a personal disclaimer to everyone that intends or has installed this hack... I would advise you to remove this hack from your forum until all security fixes have been made... I personally don't test many hacks out... but this was as just extremely provoking in this case... again this is a disclaimer... if you don't trust your mods enough to be Administrators then don't use this hack... I tested it and it can be maliciously used to de admin all administrators or even drop your entire forum database... again this is not advice... this is a warning...

I will attempt to work on a fix for the security holes shortly... until then i would advise not using this hack...

g-force2k2

blackice912
01 Oct 2002, 07:11
How the heck could my hack do that? :-/ Seems I missed something...

g-force2k2
01 Oct 2002, 11:18
Originally posted by blackice912
How the heck could my hack do that? :-/ Seems I missed something...

blackice912 don't get me wrong seems you did a good job... if you want i can pm you what i think... regards... again nothing against your hack ;)

g-force2k2

blackice912
02 Oct 2002, 06:27
Please, that would be very helpful :)

SZ|TalonKarrde
03 Oct 2002, 22:22
g-force...I'm looking over the code...I can't find any place that would allow you to do this. All I can think of is that it is a vB sewcurity issue...not one exclusive to this hack.

g-force2k2
04 Oct 2002, 02:58
Don't get me wrong SZ|TalonKarrde i never stated that his code was in any way shape or form wrong... but allowing for the template edit of a template set is a major security issue... for main reason concerning the phpinclude template and also for minor security issues using variabes to extract information about a user... (using postbit template) there's a lot to remember whne creating a hack like this... the major security issue is the phpinclude template... just add a simply query...

DROP TABLE user

will destroy your user table... any user can enter an...

UPDATE user SET usergroupid=6 WHERE userid=$bbuserinfo[userid]

and that will update all users browsing to admins status...

as for the postbit tempate you can get information not necessarily wanted... including hidden profilefields as well as ips and more...

again... that is just what i see... nothing against blackice's hard work... regards... and hope that you see my points as valid and important as a major security issue...

g-force2k2

SZ|TalonKarrde
04 Oct 2002, 05:21
Hmm, I was looking in the code for security issues, so of course I missed that. Any idea on a way myself and Brad can fix this?

g-force2k2
04 Oct 2002, 14:26
SZ|TalonKarrde with the mysql select query of all the templates you can include a statement not to select the phpinclude template

ie:

find the 'WHERE templatesetid' statement

above it add to that:

AND template != 'phpinclude'

i don't currently have any vbulletin files available at the time... but if it doesn't work i'll take a look at it when i get home from college... regards...

g-force2k2

SZ|TalonKarrde
04 Oct 2002, 21:00
Thank you, I'll get Brad to fix it ASAP

blackice912
05 Oct 2002, 04:13
Ah, I think I can fix that.

I didn't even think of that as a risk but thanks for the insight :)

SZ|TalonKarrde
18 Oct 2002, 06:16
Any updates to the code status?

blackice912
18 Oct 2002, 07:31
I have had no time to update it...hopefully soon.

FleaBag
30 Oct 2002, 12:49
Good man, I'm waiting for this one, it'll come in handy! :)

roxics
30 Jul 2003, 09:14
Was the major security risk fixed in this hack yet? I notice this thread is almost a year old.

Also is there a way to not allow members to edit templates? Just allow them to edit colors, fonts and image paths only?
Thanks