vbulletin

I found a couple vBulletin sites I administer getting hacked recently. They use the latest version of the 3.8 series (3.8.7 Patch Level 2). I am usually pretty good at finding the holes where they get in and patching them up, but this one is stumping me. They are injecting data into the MySQL tables. The attack always happens when they make a GET request to the faq.php script. I was able to save data when the attack occurs. This was the $_REQUEST , $_GET , $_POST , $_COOKIE , and $_SERVER arrays. The only thing I saw that looked out of place is that there were two new $_SERVER keys, HTTP

I been trying to login to a site (www.siamchart/forum) by following instruction on this link.. Login to remote site with PHP cURL . I cannot past through the login. After running the following script, it redirect me to the same login page (www.siamchart/forum) without successful login. My code is as following.. $username="ABC"; $password="12345"; $url="www.siamchart.com/forum/login.php?do=login"; $cookie="siamchart_cookie.txt"; $postdata = "vb_login_username=".$username."&vb_login_password=".$password; $ch = curl_init(); curl_setopt ($ch, CURLOPT_URL, $url); curl_setopt ($ch, CURLOPT_SSL

What is the easiest way to make a single sign on (SSO) for a Django project and a vBulletin board on the same domain? I have an existing database of vBulletin users. I have looked into Django's RemoteUserBackend and vBulletin's vBSSO but I haven't found a complete solution. I doesn't know Django, but when you are up to something like this, search for "bridges". There is a high chance someone have already done that for you. These three source of information can also help you get through doing your own bridge: Drupal Bridge http://drupalcode.org/project/drupalvb.git/blob

I searched for tutorials but i didn't found any useful tutorial. I want to create simple plugin which add "123" to header of every pages of forum. I tried to go to admin panel -> create new plugin. But i don't know what hook i need to display "123" in header. I will be very thankful for any help. Assuming vBulletin 4 and above: Create a Product Logon to your AdminCP Goto Plugins & Products -> Manage Products Click Add/Import Product On the following screen enter your product name etc in the Add New Product section (you can leave Product URL and Product Check URL blank) Add a Plugin to your

I'm building a Flex widget for a private vBulletin site, and the Flex widget needs to access an XML file on the vBulletin server in order to display data. For security reasons, the XML URL will need to have the value in the bbsessionhash cookie passed along in the URL request from Flex. The Flex widget will be embedded in the private area that the user has logged into, so the Flex request will be coming from the same website the cookie is from. Is there any way to access the cookies directly within Flex? I would prefer not to use ExternalInterface to grab the cookie data from JavaScript, as it