IMG code? - 03/13/2002 9:03 PM
Has it been all disabled or just in sigs?
**tests**
![[Linked Image]](http://www.aagames.co.uk/ubb/smile.gif)
If it's all, I guess it's since that redirect thingy...
**tests**
If it's all, I guess it's since that redirect thingy...
Re: IMG code? - 03/13/2002 9:31 PM
Okay, so we have some locked threads and scarce information about someone using the img tags to grab cookies. There doesn't seem to be any discussion about it or updates and since this place is inhabited by UBB owners I think that's pretty bad.
I think that we deserve more than a couple words and locked threads. If there is a threat then let us know. If there is an interim fix then give it to us. If you have nothing then let us know that.
I think that we deserve more than a couple words and locked threads. If there is a threat then let us know. If there is an interim fix then give it to us. If you have nothing then let us know that.
Re: IMG code? - 03/13/2002 9:43 PM
Stay tuned. A fix is being worked on right now and an official announcement is forthcoming.
In the mean time you may disable the IMG code on your sites if you are concerned.
Forgot to mention....if your password here was the same as your FTP, Admin, or User accounts on your own web sites shame on you. Go change them as well, and use a unique password for each!
In the mean time you may disable the IMG code on your sites if you are concerned.
Forgot to mention....if your password here was the same as your FTP, Admin, or User accounts on your own web sites shame on you. Go change them as well, and use a unique password for each!
Re: IMG code? - 03/13/2002 9:50 PM
The IMG tag was disabled to be 110% sure that the compromise could not be reproduced while I was developing a filter. Now that the filter has been developed, the IMG tag will be re-enabled, though not in signatures.
6.2.1.1 will be released shortly with the additional filtering.
6.2.1.1 will be released shortly with the additional filtering.
Re: IMG code? - 03/13/2002 9:58 PM
Can we have the info on exactly what is different so that we can implement without disturbing the hacked boards?
Re: IMG code? - 03/13/2002 10:00 PM
The fix is a little too complicated to post here, unfortunately. However, the changes should not interfere with many existing hacks. The changes are limited to:
- lib_posting's signature appending area
- lib's check_html
- lib's imageize and related routines
You do NOT need to disable the IMG tag on your board unless you are concerned that someone might try this. I highly doubt that he'll try it anywhere else.
- lib_posting's signature appending area
- lib's check_html
- lib's imageize and related routines
You do NOT need to disable the IMG tag on your board unless you are concerned that someone might try this. I highly doubt that he'll try it anywhere else.
Re: IMG code? - 03/13/2002 10:19 PM
Thanks CC!
Re: IMG code? - 03/13/2002 10:50 PM
You won't re-enable signature images? Siggy avies are... gone? 
Re: IMG code? - 03/13/2002 11:00 PM
Not until I am 200% sure that the filters work.
Re: IMG code? - 03/13/2002 11:01 PM
Oh, I thought they're gone forever! 
Re: IMG code? - 03/13/2002 11:04 PM
quote:That'll be forever then -- it's impossible to be 200% sure
Originally posted by Charles Capps:
Not until I am 200% sure that the filters work.
.
Re: IMG code? - 03/13/2002 11:20 PM
Does this bug affect UBB 5?
Just wondering...
Just wondering...
Re: IMG code? - 03/14/2002 12:34 AM
Mmmm... a variant of it, sure. This EXACT issue is specific only to post 6.1.0 UBBs. UBB5 has not been updated in over one year. In that year+, dozens of security issues have been uncovered. Those using UBB5 need to be very cautious.
Re: IMG code? - 03/14/2002 12:47 AM
quote:I wonder what the .1 added?
Powered by Infopop Corporation
Ultimate Bulletin BoardTM 6.2.2 Development Beta 15.1
Re: IMG code? - 03/14/2002 1:04 AM
who exactly caused this trouble?
I obviously take a different view to this sort of behavior? If it happened on my board I know alot of people would be seriously p*****, it's obviously very different over here in the UK, sense of humour and tolerance!
note to remember.
I obviously take a different view to this sort of behavior? If it happened on my board I know alot of people would be seriously p*****, it's obviously very different over here in the UK, sense of humour and tolerance!
note to remember.
Re: IMG code? - 03/14/2002 1:05 AM
that was self censored btw, before someone has has ago at me, jeesh
Re: IMG code? - 03/14/2002 1:16 AM
quote:It makes no difference, and it doesn't concern you, so stop asking. Your other thread was already closed for asking once, so you'd think that you'd learn after one time...
Originally posted by Wando™:
who exactly caused this trouble?
Re: IMG code? - 03/14/2002 1:22 AM
I think it does concern me, as I'm a license owner and someone is hacking UBB's
Re: IMG code? - 03/14/2002 2:00 AM
They'll be releasing bew versions for 6.2x tonight I believe... grab a copy of the latest now and tonight again when they release - then file compare the changes in.
Re: IMG code? - 03/14/2002 2:11 AM
Wando -
A fix is being worked on and should be done soon if not already as I type this. Relax. No more information is usually provided...
A fix is being worked on and should be done soon if not already as I type this. Relax. No more information is usually provided...
Re: IMG code? - 03/14/2002 3:12 AM
thanks Greg and Allen. Matt don't over react
(looks like tomorrow night I've got no choice but to beyond compare to the latset version(why do people get their kicks mucking around with others good work???))
(looks like tomorrow night I've got no choice but to beyond compare to the latset version(why do people get their kicks mucking around with others good work???))
Re: IMG code? - 03/14/2002 3:31 AM
well I've locked down my board for the night, I've too much to lose there I'm afraid.
Re: IMG code? - 03/14/2002 7:29 AM
6.2.1.1 is now available in the Member's Area.
Re: IMG code? - 03/14/2002 10:15 AM
Yeah I was wondering what the hell happened, all my questions have been answered. The fix is in 6.2.1.1 right?
Re: IMG code? - 03/14/2002 4:11 PM
Yes
Re: IMG code? - 03/14/2002 8:01 PM
The new version was made for the fix. 
Re: IMG code? - 03/15/2002 8:01 AM
quote:I thought so.
Originally posted by dende:
The new version was made for the fix.
Better upgrade.
I deserve a rolleyes.
Re: IMG code? - 03/15/2002 8:29 AM
crazy guy. 
Re: IMG code? - 03/15/2002 11:10 AM
Exactly.
Just wondering, what files have changed from 6.2.1 to 6.2.1.1?
Just wondering, what files have changed from 6.2.1 to 6.2.1.1?
Re: IMG code? - 03/15/2002 4:35 PM
Lord Dexter: check here
Re: IMG code? - 03/16/2002 1:28 AM
And you didn't just download the Upgrade Only zip because...? Sheesh.
Re: IMG code? - 03/16/2002 11:30 AM
quote:Thanks Sub Zero.
Originally posted by Sub Zero:
Lord Dexter: check here
Re: IMG code? - 03/16/2002 6:35 PM
CC, what about those of us on 6.1.0.4? Can you release a patch for us?
Re: IMG code? - 03/16/2002 7:30 PM
Unfortunately the changes rely on routines only present in the 6.2 series...
Re: IMG code? - 03/16/2002 8:48 PM
Sigh, will have to talk to someone about looking at this then for me. Even if it is 1 person who found it there might be more down the road unfortunatly. Expecialy on the type of board I run tends to attract stuff like this a times.