Not Solved Fikas Tube Video Gallery is dangerous
#1
Not Solved
As you know my page was hacked.
I promised the hacker when he told me how he hacked my site I will not contact his server.
So here it is how he did.

i'll hold you to that Wink
Well you know the plugin for a video list (http://mods.mybboard.net/view/tube-video-gallery-plugin) erm i think its called "Tube Video" in the video title you can set the name to some code and i set up a online phisher (Fake login page) to your site then i went to the "TubeVideo" plugin and added a video which redirects to my phisher and then your admin "Corry" or something like that signed into my phisher which gave me there login details to your forum....
What i suggest:
-Removing "TubeVideo"
-Remind your user's to beware of phishers(When logging in make sure the url is www.yoursite.com)


Hope i helped you and i'm sorry,
[Image: bannermybb.jpg]
Reply
#2
Not Solved
Thank you for this thread.
This will help a lot of people.
[Image: 468x602b.png]
Reply
#3
Not Solved
We are still using the Tube Video Gallery.

What I want to do is: change the settings that way, that only moderators and admins are able to send videos, no one else.

Is there anybody outside who please can give me the right php code to do so, please, and which file(s) do I need to edit?

Here's the mainfile.php
<?php

// Language File
if($mybb->settings['bblanguage'] == "turkish"){
include("vgallery/language/lang-tr.php");
}else{
include("vgallery/language/lang.php");
}


$op = $mybb->input['op'];
$sop = $mybb->input['sop'];
$id_del = $mybb->input['id_del'];
$page = $mybb->input['page'];
$orderby = $mybb->input['orderby'];
$id = $mybb->input['id'];
// Form elements here
$query = $mybb->input['query'];
$options = $mybb->input['options'];
$ltr = $mybb->input['ltr'];
$sender = $mybb->input['sender'];
$sid = $mybb->input['sid'];
$date = $mybb->input['date'];
$hits = $mybb->input['hits'];
$vote = $mybb->input['vote'];
$voter = $mybb->input['voter'];
$title = $mybb->input['title'];
$text = $mybb->input['text'];
$videocat = $mybb->input['videocat'];
$cname = $mybb->input['cname'];
$comments = $mybb->input['comments'];
$score = $mybb->input['score'];
// config page elements
$new_index_page_items = $mybb->input['new_index_page_items'];
$new_list_page_items = $mybb->input['new_list_page_items'];
$new_top_page_items = $mybb->input['new_top_page_items'];
$new_allow_anonymous = $mybb->input['new_allow_anonymous'];
$new_allow_direct = $mybb->input['new_allow_direct'];
$new_less_vote = $mybb->input['new_less_vote'];

// Get php version
$phpver = phpversion();

  if($mybb->user['usergroup'] == "3" || $mybb->user['usergroup'] == "4") {
	$canmodvideo = "yes";
    }else{
	$canmodvideo = "no";
	}


// convert superglobals if php is lower then 4.1.0
if ($phpver < '4.1.0') {
  $_GET = $HTTP_GET_VARS;
  $_POST = $HTTP_POST_VARS;
  $_SERVER = $HTTP_SERVER_VARS;
  $_FILES = $HTTP_POST_FILES;
  $_ENV = $HTTP_ENV_VARS;
  if($_SERVER['REQUEST_METHOD'] == "POST") {
    $_REQUEST = $_POST;
  } elseif($_SERVER['REQUEST_METHOD'] == "GET") {
    $_REQUEST = $_GET;
  }
  if(isset($HTTP_COOKIE_VARS)) {
    $_COOKIE = $HTTP_COOKIE_VARS;
  }
  if(isset($HTTP_SESSION_VARS)) {
    $_SESSION = $HTTP_SESSION_VARS;
  }
}

// override old superglobals if php is higher then 4.1.0
if($phpver >= '4.1.0') {
  $HTTP_GET_VARS = $_GET;
  $HTTP_POST_VARS = $_POST;
  $HTTP_SERVER_VARS = $_SERVER;
  $HTTP_POST_FILES = $_FILES;
  $HTTP_ENV_VARS = $_ENV;
  $PHP_SELF = $_SERVER['PHP_SELF'];
  if(isset($_SESSION)) {
    $HTTP_SESSION_VARS = $_SESSION;
  }
  if(isset($_COOKIE)) {
    $HTTP_COOKIE_VARS= $_COOKIE;
  }
}


// This block of code makes sure $admin and $user are COOKIES
if((isset($admin) && $admin != $_COOKIE['admin']) OR (isset($user) && $user != $_COOKIE['user'])) {
  die("Illegal Operation");
}

$postString = "";
foreach ($HTTP_POST_VARS as $postkey => $postvalue) {
    if ($postString > "") {
     $postString .= "&".$postkey."=".$postvalue;
    } else {
     $postString .= $postkey."=".$postvalue;
    }
}
str_replace("%09", "%20", $postString);
$postString_64 = base64_decode($postString);


function is_admin($admin) {
    if (!$admin) { return 0; }
    if (isset($adminSave)) return $adminSave;
    if (!is_array($admin)) {
        $admin = base64_decode($admin);
        $admin = addslashes($admin);
        $admin = explode(":", $admin);
    }
    $aid = $admin[0];
    $pwd = $admin[1];
    $aid = substr(addslashes($aid), 0, 25);
    if (!empty($aid) && !empty($pwd)) {
        global $prefix, $db;
        $sql = "SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'";
        $result = $db->sql_query($sql);
        $pass = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        if ($pass[0] == $pwd && !empty($pass[0])) {
            static $adminSave;
        	return $adminSave = 1;
        }
    }
    static $adminSave;
    return $adminSave = 0;
}

function is_user($user) {
    if (!$mybb->user['uid']) { return 0; }
    if (isset($userSave)) return $userSave;
    if (!is_array($user)) {
        $user = base64_decode($user);
        $user = addslashes($user);
        $user = explode(":", $user);
    }
    $uid = $mybb->user['uid'];
    $pwd = $mybb->user['password'];
    $uid = intval($uid);
    if (!empty($uid) AND !empty($pwd)) {
             static $userSave;
        	return $userSave = 1;
    }
    static $userSave;
    return $userSave = 0;
}
function FixQuotes ($what = "") {
	$what = ereg_replace("'","''",$what);
	while (eregi("\\\\'", $what)) {
		$what = ereg_replace("\\\\'","'",$what);
	}
	return $what;
}
function check_words($Message) {
	global $CensorMode, $CensorReplace, $EditedMessage;
$reasons = array("As Is","Offtopic","Flamebait","Troll","Redundant","Insighful","Interesting","Informative","Funny","Overrated","Underrated");
$badreasons = 4;
$AllowableHTML = array("b"=>1,"i"=>1,"strike"=>1,"div"=>2,"u"=>1,"a"=>2,"em"=>1,"br"=>1,"strong"=>1,"blockquote"=>1,"tt"=>1,"li"=>1,"ol"=>1,"ul"=>1);
$CensorList = array("fuck","cunt","fucker","fucking","pussy","cock","c0ck","cum","twat","clit","bitch","fuk","fuking","motherfucker");
$CencorMode = 1;
	$EditedMessage = $Message;
	if ($CensorMode != 0) {
		if (is_array($CensorList)) {
			$Replace = $CensorReplace;
			if ($CensorMode == 1) {
				for ($i = 0; $i < count($CensorList); $i++) {
					$EditedMessage = eregi_replace("$CensorList[$i]([^a-zA-Z0-9])","$Replace\\1",$EditedMessage);
				}
			} elseif ($CensorMode == 2) {
				for ($i = 0; $i < count($CensorList); $i++) {
					$EditedMessage = eregi_replace("(^|[^[:alnum:]])$CensorList[$i]","\\1$Replace",$EditedMessage);
				}
			} elseif ($CensorMode == 3) {
				for ($i = 0; $i < count($CensorList); $i++) {
					$EditedMessage = eregi_replace("$CensorList[$i]","$Replace",$EditedMessage);
				}
			}
		}
	}
	return ($EditedMessage);
}


function check_html ($str, $strip="") {

	return $str;
}
function filter_text($Message, $strip="") {
	global $EditedMessage;
	check_words($Message);
	$EditedMessage=check_html($EditedMessage, $strip);
	return ($EditedMessage);
}
function filter($what, $strip="", $save="", $type="") {
	if ($strip == "nohtml") {
		$what = check_html($what, $strip);
		$what = htmlentities(trim($what), ENT_QUOTES);
		// If the variable $what doesn't comes from a preview screen should be converted
		if ($type != "preview" AND $save != 1) {
			$what = html_entity_decode($what, ENT_QUOTES);
		}
	}
	if ($save == 1) {
		$what = check_words($what);
		$what = check_html($what, $strip);
		$what = addslashes($what);
	} else {
		$what = stripslashes(FixQuotes($what));
		$what = check_words($what);
		$what = check_html($what, $strip);
	}
	return($what);
}

function get_web_page( $url )
{
$options = array( 'http' => array(
			'user_agent' => 'spider', // who am i
			'max_redirects' => 10, // stop after 10 redirects
			'timeout' => 120, // timeout on response
) );

$context = stream_context_create( $options );
$page = @file_get_contents( $url, false, $context );

$result = array( );
if ( $page != false )
	$result['content'] = $page;
else if ( !isset( $http_response_header ) )
	return null; // Bad url, timeout

// Save the header
$result['header'] = $http_response_header; // Get the *last* HTTP status code
$nLines = count( $http_response_header );
for ( $i = $nLines-1; $i >= 0; $i-- ) {
$line = $http_response_header[$i];
if ( strncasecmp( "HTTP", $line, 4 ) == 0 ) {
$response = explode( ' ', $line );
$result['http_code'] = $response[1]; break;
}
}
return $result;
}

function mykod_ekle($form_ismi){
global $db;

$codebuttons = "<script type=\"text/javascript\" src=\"jscripts/editor.js?ver=121\"></script>
<script type=\"text/javascript\">
	var editor_language = {
	title_bold: \"Koyu Yazý Ekle\",
	title_italic: \"Ýtalik Yazý Ekle\",
	title_underline: \"Altý Çizili Yazý Ekle\",
	title_left: \"Sola Dayalý\",
	title_center: \"Ortalanmýþ\",
	title_right: \"Saða Dayalý\",
	title_justify: \"Her Ýki Tarafa\",
	title_numlist: \"Numaralý Liste\",
	title_bulletlist: \"Noktalý Liste\",
	title_image: \"Resim Ekle\",
	title_hyperlink: \"Link Ekle\",
	title_email: \"E-mail adresi ekle\",
	title_quote: \"Alýntý Yap\",
	title_code: \"Düzenlenmiþ Kod Ekle\",
	title_php: \"Düzenlenmiþ PHP Kod Ekle\",
	title_close_tags: \"Tüm Taglarý Kapat\",
	title_youtube: \"\",
	enter_list_item: \"Liste maddesi giriniz. Listeyi bitirmek içi ya iptale basýn yada boþ býrakýn.\",
	enter_url: \"Lütfen web sitesinin URL'sini Giriniz.\",
	enter_url_title: \"Opsiyonel Olarak, URL için Bir Baþlýk Yazabilirsiniz.\",
	enter_email: \"Eklemek Ýstediðiniz Email adresini giriniz.\",
	enter_email_title: \"Opsiyonel Olarak, Email Adresi için Bir Baþlýk Yazabilirsiniz.\",
	enter_image: \"Baþka yerdeki resim için URl giriniz.\",
	size_xx_small: \"XX Çok Ufak\",
	size_x_small: \"X Orta Ufak\",
	size_small: \"Ufak\",
	size_medium: \"Orta\",
	size_large: \"Büyük\",
	size_x_large: \"X Orta Büyük\",
	size_xx_large: \"XX En Büyük\",
	color_white: \"Beyaz\",
	color_black: \"Siyah\",
	color_red: \"Kýrmýzý\",
	color_yellow: \"Sarý\",
	color_pink: \"Pembe\",
	color_green: \"Yeþil\",
	color_orange: \"Turuncu\",
	color_purple: \"Mor\",
	color_blue: \"Mavi\",
	color_beige: \"Bej\",
	color_brown: \"Kahverengi\",
	color_teal: \"Çay rengi\",
	color_navy: \"Lacivert\",
	color_maroon: \"Kestanerengi\",
	color_limegreen: \"Ihlamur Yeþili\",
	font: \"Font\",
	size: \"Yazý Ebatý\",
	color: \"Yazý Rengi\"
};
	var clickableEditor = new messageEditor(\"$form_ismi\", {lang: editor_language, rtl: 0});
	clickableEditor.bindSmilieInserter(\"clickable_smilies\");
</script>
<!-- end: codebuttons -->
";

return $codebuttons;

}

?>

Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)