vt.Lai VBB Anti CSRF 1.2 - Anti CSRF Attack To AdminCP vBulletin
Mod Version: 1.2, by VuThanhLai
| vB Version: 4.2.0 | Rating:  (0 vote - 0 average) |
Installs: 12 |
| Released: 11 Dec 2012 | Last Update: 14 Dec 2012 | Downloads: 46 |
 Not Supported
 Uses Plugins
|
||
How to attack:
https://www.youtube.com/watch?v=0W8KWdiHzCI&feature=player_embedded
How to Fix ?
+ First solution:
Rename admincp dir. This is simple solution. However, when used in this way, will be some mod is not working or error.
In another case, if you have sub forum Admin, when you change the AdminCP dir, you must inform them of this. => They still know where is admincp folder.
+ Second solution:
Use this add on
Options:
Applies to all vbulletin versions
Change log:
v1.2: Fix some issue if admincp folder name has special char
v1.1: Fix loop error + Add some options
Source:
http://sinhvienit.net/@forum/threads/232980-vt-lai-vbb-anti-csrf-1-0-chong-tan-cong-csrf-vao-admincp-vbulletin/
http://sinhvienit.net/@forum/threads/232989-vt-lai-vbb-anti-csrf-1-1-chong-tan-cong-csrf-vao-admincp-vbulletin/
http://sinhvienit.net/@forum/threads/233289-vt-lai-vbb-anti-csrf-1-2-chong-tan-cong-csrf-vao-admincp-vbulletin/
https://www.youtube.com/watch?v=0W8KWdiHzCI&feature=player_embedded
How to Fix ?
+ First solution:
Rename admincp dir. This is simple solution. However, when used in this way, will be some mod is not working or error.
In another case, if you have sub forum Admin, when you change the AdminCP dir, you must inform them of this. => They still know where is admincp folder.
+ Second solution:
Use this add on
Options:
Applies to all vbulletin versions
Change log:
v1.2: Fix some issue if admincp folder name has special char
v1.1: Fix loop error + Add some options
Source:
http://sinhvienit.net/@forum/threads/232980-vt-lai-vbb-anti-csrf-1-0-chong-tan-cong-csrf-vao-admincp-vbulletin/
http://sinhvienit.net/@forum/threads/232989-vt-lai-vbb-anti-csrf-1-1-chong-tan-cong-csrf-vao-admincp-vbulletin/
http://sinhvienit.net/@forum/threads/233289-vt-lai-vbb-anti-csrf-1-2-chong-tan-cong-csrf-vao-admincp-vbulletin/
Download
product-vtlai_anti_csrf_1.0.xml (1.7 KB, 19 downloads) product-vtlai_anti_csrf_1.1.xml (3.4 KB, 22 downloads) product-vtlai_anti_csrf_1.2.xml (3.6 KB, 39 downloads)