vBulletin-Glossary

cinneke

New Member
What is vBulletin-Glossary:

A small little glossary with features like crosslinking, attachments in entries, edit-history etc.

Installation:

- Upload all files in 'upload' to your server
- set 777-permission for the following directories:
/vbglossar
/vbglossar/backup
/vbglossar/temp

- Import 'product-vbglossar.xml' in AdminCP as Add-On.

Right after the import of the product file, go and set the usergroups. Afterwards edit the settings in AdminCP (Settings and Crosslinking). Now go to 'manage categories' and create the wanted cats.

Now the glossary should be configured and ready to use.

General:

We know that there might be some small bugs left in this addon. Because of the size of this addon we decided to publish it and hope that the community keeps us up-2-date concerning bugs and feature-ideas. In this way we might create a better 1.0.1-version with more functions.

Gérome and Captainslater spent every free minute to help me with this project (coding, translation, tests, etc). Also MrD and Ragtek have tested during the time when this addon got developed.
 
hi

it is said here
Code:
http://www.vbulletin.org/forum/showpost.php?p=1600740&postcount=48
Important Security Issue: Googlebot is able to create glossary-entries!
I have noticed that "unregistered" users with the IPs 66.249.71.26 and 66.249.71.25 have been able to create numerous new Glossary entries. These entries don't have a name and no description, but they do exist in my database.
Now I am asking myself:
1.) Why is it possible that unregistered users are able to create new entries and insert data into mysql, even if I disallowed the guest-usergroup to create new entries?
2.) Why is it possible to create new entries with an empty title and description, no matter if we are talking about registered or unregistered users?

As long as these questions are not answered, I would advise everyone who is reading this to disable this addon immediately and to no longer make it available for download here as long as this security issue is not fixed.
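
An added example, not part of the posts above and not the add-on's own code (its handler is not shown in this thread): one way a create-entry handler can enforce, on the server, the two conditions the report asks about, namely the usergroup permission and non-empty fields. All function names, group ids and sample requests are hypothetical and constructed for illustration.

```php
<?php
// Added example: every name here is hypothetical, not taken from the add-on.

/**
 * Decide whether a create-entry request may reach the database.
 * $perms maps usergroup id => may create entries (constructed values).
 * Returns [accepted, reason].
 */
function check_new_entry(array $perms, array $user, string $method, array $post): array
{
    // Writes are accepted only via POST; crawlers fetch links with GET.
    if ($method !== 'POST') {
        return [false, 'method'];
    }
    // Enforce the usergroup permission in the handler itself, not only
    // when deciding whether to display the "add entry" link.
    $group = $user['usergroupid'] ?? 0;
    if (!($perms[$group] ?? false)) {
        return [false, 'permission'];
    }
    // Reject blank or whitespace-only fields before any INSERT is built.
    $title = trim((string) ($post['title'] ?? ''));
    $description = trim((string) ($post['description'] ?? ''));
    if ($title === '' || $description === '') {
        return [false, 'empty'];
    }
    return [true, 'ok'];
}

// Constructed sample data: group 1 stands in for guests, group 2 for members.
$perms = [1 => false, 2 => true];
$full  = ['title' => 'Crosslink', 'description' => 'A link between entries.'];
$cases = [
    'guest GET (crawler)'  => [['usergroupid' => 1], 'GET',  []],
    'guest POST'           => [['usergroupid' => 1], 'POST', $full],
    'member, blank fields' => [['usergroupid' => 2], 'POST', ['title' => ' ', 'description' => '']],
    'member, valid'        => [['usergroupid' => 2], 'POST', $full],
];
foreach ($cases as $label => [$user, $method, $post]) {
    [$ok, $reason] = check_new_entry($perms, $user, $method, $post);
    printf("%-22s %s (%s)\n", $label, $ok ? 'insert' : 'reject', $reason);
}
```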
 