Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
login.php phishing patch Details »
login.php phishing patch
Mod Version: 1.00, by GeekyDesigns (Coder) GeekyDesigns is offline
Developer Last Online: May 2012 I like it Show Printable Version Email this Page

vB Version: 4.x.x Rating: (15 votes - 5.00 average) Installs: 60
Released: 02 Jun 2011 Last Update: Never Downloads: 186
Not Supported Uses Plugins  

Due to the recently announced Possibly Phishing Vector

I made a small/short patch which should stop a user from being exploited.

I've tested this internally and it seems to do the job.

Download Now

Only licensed members can download files, Click Here for more information.

Supporters / CoAuthors

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Comments
  #2  
Old 02 Jun 2011, 23:57
GeekyDesigns's Avatar
GeekyDesigns GeekyDesigns is offline
 
Join Date: Mar 2004
If there are other pages, that this can cause problems on, please let me know and I'll see what I can do to resolve it.
__________________
The Geeky Designs team is proudly bringing you awesome addons and styles!
Reply With Quote
  #3  
Old 03 Jun 2011, 00:45
Special Pages Special Pages is offline
 
Join Date: Nov 2010
Real name: Edward J.
I'm using this for sure. Is this tested and working?
Reply With Quote
  #4  
Old 03 Jun 2011, 01:03
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Real name: Zachery Woods
I tested it as much as I could internally, it shouldn't ever impact normal users, only if someone, or something tries to pass url=X in the url.
__________________
Looking for ImpEx?
Reply With Quote
  #5  
Old 03 Jun 2011, 01:26
MagicThemeParks's Avatar
MagicThemeParks MagicThemeParks is offline
 
Join Date: Sep 2009
Will this work with all versions of vB?
Reply With Quote
  #6  
Old 03 Jun 2011, 01:58
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Real name: Zachery Woods
This should work on any version of vB4, the hook point im using I'm moderately sure isnt available in vb3.5-8
__________________
Looking for ImpEx?
Reply With Quote
  #7  
Old 03 Jun 2011, 02:08
SuperTaz's Avatar
SuperTaz SuperTaz is offline
 
Join Date: Apr 2007
Real name: Jeremy
Nice. Thank you.
__________________
Global Gamers
My Modifications
Reply With Quote
  #8  
Old 03 Jun 2011, 02:56
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Real name: Rob
Originally Posted by Zachery View Post
This should work on any version of vB4, the hook point im using I'm moderately sure isnt available in vb3.5-8
init_startup is in init.php in 3.8.0. Not sure about earlier.

Last edited by Boofo; 03 Jun 2011 at 03:01.
Reply With Quote
  #9  
Old 03 Jun 2011, 04:16
eJM's Avatar
eJM eJM is offline
 
Join Date: Sep 2004
Real name: Jim McClain
How will this affect things like VigLink?
__________________
Always a work in progress:
The Floor Pro Community
Reply With Quote
  #10  
Old 03 Jun 2011, 04:59
Wonksta Wonksta is offline
 
Join Date: Apr 2009
Originally Posted by eJM View Post
How will this affect things like VigLink?
x2

AND - Does this phising vulnerability effect vB3.8.6?
Reply With Quote
  #11  
Old 03 Jun 2011, 12:50
worried worried is offline
 
Join Date: Jan 2009
Did I install this wrong?

Product: vBulletin
Hook Location: init_startup
Title: Login php phishing patch
Execution Order: 5
Plugin PHP Code: paste text of xml file here

I got a blank screen when I clicked the What's New button.
Reply With Quote
  #12  
Old 03 Jun 2011, 15:16
BadgerDog BadgerDog is offline
 
Join Date: Oct 2006
Real name: Doug
Installed with thanks on 4.1.3 ....

Regards,
Doug
Reply With Quote
  #13  
Old 03 Jun 2011, 18:19
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Real name: Zachery Woods
Originally Posted by worried View Post
Did I install this wrong?

Product: vBulletin
Hook Location: init_startup
Title: Login php phishing patch
Execution Order: 5
Plugin PHP Code: paste text of xml file here

I got a blank screen when I clicked the What's New button.
You should just install it.
__________________
Looking for ImpEx?
Reply With Quote
  #14  
Old 03 Jun 2011, 21:04
Delphiprogrammi Delphiprogrammi is offline
 
Join Date: Feb 2004
Real name: Erik
Originally Posted by worried View Post
Did I install this wrong?

Product: vBulletin
Hook Location: init_startup
Title: Login php phishing patch
Execution Order: 5
Plugin PHP Code: paste text of xml file here

I got a blank screen when I clicked the What's New button.

probably you copied along a character that shouldn't be there and that is causing a blank page
Reply With Quote
  #15  
Old 05 Jun 2011, 16:33
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Real name: Zachery Woods
Originally Posted by eJM View Post
How will this affect things like VigLink?
I did not notice your question eJM, it shouldn'y have any effect what so ever on viglink or skimlinks. It only stops the &url varible from working on a very tiny portion of your site.
__________________
Looking for ImpEx?
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 05:15.

Layout Options | Width: Wide Color: