Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
  #46  
Old 05 Feb 2007, 22:25
Deimos Deimos is offline
 
Join Date: Oct 2002
Really? good lord..
Reply With Quote
  #47  
Old 05 Feb 2007, 22:28
Artificial_Alex Artificial_Alex is offline
 
Join Date: Nov 2006
Real name: '
Yeah....x___x


Atleast Princeston[sp=?] reacted quickly to my PM.

Ididn't think he'd believe me, the way the exploit worked, but they did, and i was right.
Reply With Quote
  #48  
Old 05 Feb 2007, 23:26
zappsan's Avatar
zappsan zappsan is offline
 
Join Date: Sep 2004
Originally Posted by Artificial_Alex View Post
It was being exploited to get users/staff's passwords.


My WHOLE staff got their passwords obtained by this person exploiting it.
Wow, thank you very much for reporting it.
I disabled the hack for now, hope I'm safe.

I really hope CMX won't abandon this completely and fix the problem.
__________________
-zappsan/Virtual Headache

PIForums
Reply With Quote
  #49  
Old 06 Feb 2007, 00:05
tpearl5's Avatar
tpearl5 tpearl5 is offline
 
Join Date: Nov 2001
Real name: John
ugg.. really hope this exploit gets fixed soon!
__________________
John
Reply With Quote
  #50  
Old 06 Feb 2007, 00:11
Shazz's Avatar
Shazz Shazz is offline
 
Join Date: Jun 2006
Location: Utah
Real name: Shawn
Errm, maybe it could be explained how they got in?
:|
Reply With Quote
  #51  
Old 06 Feb 2007, 00:22
Artificial_Alex Artificial_Alex is offline
 
Join Date: Nov 2006
Real name: '
All I will say is its to do with the donate feature and a script.
Reply With Quote
  #52  
Old 06 Feb 2007, 01:55
Pete C's Avatar
Pete C Pete C is offline
 
Join Date: Aug 2005
Real name: Peter
I got the same Email, so I checked back here to be sure it was for real . . this has been a very popular hack, and I wanted to be sure before taking it off.

Despite the annoyance of having to do that, I'd like to say a BIG thank you for the heads-up, and my appreciation to vB for acting on the info so fast.

I can't see the thread either, so it's obviously been removed for good reason - but I would have clicked it uninstalled . . at least till something can (hopefully) be done to address the exploits.

Good info, sad loss.
__________________
Reply With Quote
  #53  
Old 06 Feb 2007, 02:36
Shazz's Avatar
Shazz Shazz is offline
 
Join Date: Jun 2006
Location: Utah
Real name: Shawn
Originally Posted by Artificial_Alex View Post
All I will say is its to do with the donate feature and a script.
Your post was strong enough to scare away over 50 users of vbplaza now
Reply With Quote
  #54  
Old 06 Feb 2007, 02:38
Artificial_Alex Artificial_Alex is offline
 
Join Date: Nov 2006
Real name: '
Meh, you asked. ;D
Reply With Quote
  #55  
Old 06 Feb 2007, 02:58
MThornback's Avatar
MThornback MThornback is offline
 
Join Date: Apr 2005
Location: Canada
Thanks for the save we all appreciate it!
Reply With Quote
  #56  
Old 06 Feb 2007, 03:07
NFLfbJunkie NFLfbJunkie is offline
 
Join Date: Sep 2006
What can happen if someone decides to keep this MOD active on their boards?
Reply With Quote
  #57  
Old 06 Feb 2007, 03:48
Shazz's Avatar
Shazz Shazz is offline
 
Join Date: Jun 2006
Location: Utah
Real name: Shawn
Originally Posted by Junkie View Post
What can happen if someone decides to keep this MOD active on their boards?
Well its not like every board with vBplaza will just die
Unless the exploit was posted on some site which gave more people that oppertunity to do it on more sites -.-
Reply With Quote
  #58  
Old 06 Feb 2007, 03:52
Pete C's Avatar
Pete C Pete C is offline
 
Join Date: Aug 2005
Real name: Peter
Originally Posted by Shazz View Post
Your post was strong enough to scare away over 50 users of vbplaza now
I only got 50 members, and now there's nothing to bribe 'em in with - gonna have to seriously update my content now . . . lmao!

Seriously though, if there was no risk, I'm sure that would be clarified - instead the entire hack has been removed and vB have taken the trouble to mail-out to all the installers . . no smoke without fire imo - it ain't fear it's logic.

I'd sure like to see it fixed though - good luck to the guys working on it.

Originally Posted by Junkie View Post
What can happen if someone decides to keep this MOD active on their boards?
Well, you could end up with a whole bunch of Admins . . or worse

Originally Posted by Artificial_Alex View Post
It was being exploited to get users/staff's passwords.

My WHOLE staff got their passwords obtained by this person exploiting it.
__________________
Reply With Quote
  #59  
Old 06 Feb 2007, 03:56
NFLfbJunkie NFLfbJunkie is offline
 
Join Date: Sep 2006
I'd sure like to see it fixed though - good luck to the guys working on it.
Is there someone in fact working on a fix?
Reply With Quote
  #60  
Old 06 Feb 2007, 09:05
Greek Wizard Greek Wizard is offline
 
Join Date: Jun 2006
Originally Posted by Artificial_Alex View Post
All I will say is its to do with the donate feature and a script.
If we disable just the donate function, will this allow the rest of the hack to be active and safe?
__________________
www.wsforums.org
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 06:13.

Layout Options | Width: Wide Color: