[GYSN] vBulletin.v3.6.8.Patch.Level.1.PHP.NULLIFIED-GYSN

D

dutchwii

New Member
Here the Patch level 1 edition
Please say thank you if you like this download :D

Updated files:
class_bbcode.php
version_vbulletin.php

No password
 
J

J.Black

Guest
Galeras said:
Thnks fellow, but what could happend to ppl who don't upgrade ?
Click to expand...

this is a security issue

Original Info

vBulletin 3.6.8 Patch Level 1

This release is a patch to the 3.6.8 to fix a security issue reported to us this October 17th 2007. Only 3.6.8 is affected by this issue. The only changes in this release are for this security issue.

The changed files are:

* includes/class_bbcode.php
* includes/version_vbulletin.php


There are no template changes.

What is a Patch Level? How does it differ from a full release?

A patch level release contains fixes for only the most critical issues in the previous release. In this case, this means the only changes are to address a security issue.

It is designed to be installed directly over top of your 3.6.8 installation, with no other action. You do not need to run any upgrade scripts.

How to Upgrade
This is not a full upgrade. You do not need to run any upgrade scripts to complete the upgrade.

1. Patch: Download a patch file discussed in this thread and upload them to your web server, overwriting the existing files. The patch is available from the Members' Area patch page or you can find it attached to this thread.
2. Full Package: Alternatively you can download the full package in the vBulletin Members Area and again upload the affected files mentioned in this thread.


If the files have been overwritten properly, your version will be listed as "3.6.8 Patch Level 1" in the administrators' control panel. Your version will still say 3.6.8 on the front-end.
 
S

snakeboy

New Member
Galeras said:
Thnks fellow, but what could happend to ppl who don't upgrade ?
Click to expand...

They will remain vulnerable to the newly discovered XSS cross scripting security hole...

"upgrading" only involves uploading 2 files and NOTHING else. I can't imagine why anyone would want to resist the chance to secure their board? Not like it's a big job or anything...
 
S

snakeboy

New Member
I'm no coder, but the Jelsoft said this about it:

Jelsoft said:
Yesterday morning (October 17th 2007) a security issue was reported to the vBulletin team. After investigating the report's claims, it was discovered that the 3.6.8 code does indeed include a flaw that could lead to a cross-site-scripting (XSS) exploit.

Subsequently, a new vBulletin version was prepared and released yesterday afternoon. This version is vBulletin 3.6.8 Patch Level 1 and includes only the fix for the security flaw.

We recommend that all customers running vBulletin 3.6.8 download the new version and upgrade as soon as possible.
Click to expand...
 
S

sendog

New Member
is it necesary to upload all the files or can i upload only this 2 files???

* includes/class_bbcode.php
* includes/version_vbulletin.php
 
K

Kosova

New Member
in localhost it doesn't work .
i can't generate the costumer number .
i got this msg :
Fatal error: Maximum execution time of 30 seconds exceeded in C:\wamp\www\forum\gysn-kg.php on line 192
Click to expand...
.
 
V

.v0id

New Member
Kosova said:
in localhost it doesn't work .
i can't generate the costumer number .
i got this msg :
.
Click to expand...

You have to change your settings in php.ini to allow longer time for script execution.
 
V

.v0id

New Member
Kosova said:
in localhost it doesn't work .
i can't generate the costumer number .
i got this msg :
.
Click to expand...

You have to change your settings in php.ini to allow longer time for script execution.
 
V

.v0id

New Member
Kosova said:
in localhost it doesn't work .
i can't generate the costumer number .
i got this msg :
.
Click to expand...

You have to change your settings in php.ini to allow longer time for script execution.
 
You must log in or register to reply here.
Top