Facebook Twitter Pinterest Share

vBulletin 3.X Releases All the latest vBulletin 3.X releases.


New Thread  Post Reply
dutchwii's Avatar
dutchwii : OldSkool
dutchwii is a jewel in the roughdutchwii is a jewel in the roughdutchwii is a jewel in the roughdutchwii is a jewel in the rough
offline Joined: Sep 2007 Location: The Hague (The Netherlands) Posts: 216 Thanked: 36
  #1  
Thread Starter Unread 10-17-07
[GYSN] vBulletin.v3.6.8.Patch.Level.1.PHP.NULLIFIED-GYSN

Here the Patch level 1 edition
Please say thank you if you like this download

Updated files:
class_bbcode.php
version_vbulletin.php

No password
Attached Files Click the thanks button to view this attachment.

Last edited by dutchwii; 10-17-07 at 08:11 PM.
FoxyFLS's Avatar
FoxyFLS : 50+
FoxyFLS will become famous soon enough
offline Joined: Oct 2007 Posts: 62 Thanked: 25
  #2  
Unread 10-18-07
This is just the patch instead of downloading the whole board
Attached Files Click the thanks button to view this attachment.
dutchwii's Avatar
dutchwii : OldSkool
dutchwii is a jewel in the roughdutchwii is a jewel in the roughdutchwii is a jewel in the roughdutchwii is a jewel in the rough
offline Joined: Sep 2007 Location: The Hague (The Netherlands) Posts: 216 Thanked: 36
  #3  
Thread Starter Unread 10-18-07
These files need to be placest in the include folder wich is found in the root
Galeras's Avatar
Galeras : 50+
Galeras is a glorious beacon of lightGaleras is a glorious beacon of lightGaleras is a glorious beacon of lightGaleras is a glorious beacon of lightGaleras is a glorious beacon of lightGaleras is a glorious beacon of light
offline Joined: Sep 2007 Location: Promyshlennyi Vorkuta Posts: 164 Thanked: 47
  #4  
Unread 10-18-07
Thnks fellow, but what could happend to ppl who don't upgrade ?
J.Black's Avatar
J.Black : Guest
Posts: n/a
  #5  
Unread 10-19-07
Originally Posted by Galeras View Post
Hover to view full quote
Thnks fellow, but what could happend to ppl who don't upgrade ?
this is a security issue

Original Info

vBulletin 3.6.8 Patch Level 1

This release is a patch to the 3.6.8 to fix a security issue reported to us this October 17th 2007. Only 3.6.8 is affected by this issue. The only changes in this release are for this security issue.

The changed files are:

* includes/class_bbcode.php
* includes/version_vbulletin.php


There are no template changes.

What is a Patch Level? How does it differ from a full release?

A patch level release contains fixes for only the most critical issues in the previous release. In this case, this means the only changes are to address a security issue.

It is designed to be installed directly over top of your 3.6.8 installation, with no other action. You do not need to run any upgrade scripts.

How to Upgrade
This is not a full upgrade. You do not need to run any upgrade scripts to complete the upgrade.

1. Patch: Download a patch file discussed in this thread and upload them to your web server, overwriting the existing files. The patch is available from the Members' Area patch page or you can find it attached to this thread.
2. Full Package: Alternatively you can download the full package in the vBulletin Members Area and again upload the affected files mentioned in this thread.


If the files have been overwritten properly, your version will be listed as "3.6.8 Patch Level 1" in the administrators' control panel. Your version will still say 3.6.8 on the front-end.
snakeboy's Avatar
snakeboy : Member
snakeboy is on a distinguished road
offline Joined: Oct 2007 Posts: 29 Thanked: 1
  #6  
Unread 10-20-07
Originally Posted by Galeras View Post
Hover to view full quote
Thnks fellow, but what could happend to ppl who don't upgrade ?
They will remain vulnerable to the newly discovered XSS cross scripting security hole...

"upgrading" only involves uploading 2 files and NOTHING else. I can't imagine why anyone would want to resist the chance to secure their board? Not like it's a big job or anything...
Notam's Avatar
Notam : 50+
Notam is on a distinguished road
offline Joined: Oct 2007 Posts: 51 Thanked: 2
  #7  
Unread 10-20-07
i just updated those files tnx 4 the share. what excatly do they cover
snakeboy's Avatar
snakeboy : Member
snakeboy is on a distinguished road
offline Joined: Oct 2007 Posts: 29 Thanked: 1
  #8  
Unread 10-21-07
I'm no coder, but the Jelsoft said this about it:

Originally Posted by Jelsoft
Yesterday morning (October 17th 2007) a security issue was reported to the vBulletin team. After investigating the report's claims, it was discovered that the 3.6.8 code does indeed include a flaw that could lead to a cross-site-scripting (XSS) exploit.

Subsequently, a new vBulletin version was prepared and released yesterday afternoon. This version is vBulletin 3.6.8 Patch Level 1 and includes only the fix for the security flaw.

We recommend that all customers running vBulletin 3.6.8 download the new version and upgrade as soon as possible.
sendog's Avatar
sendog : 50+
sendog will become famous soon enoughsendog will become famous soon enough
offline Joined: Sep 2007 Posts: 65 Thanked: 41
  #9  
Unread 10-21-07
is it necesary to upload all the files or can i upload only this 2 files???

* includes/class_bbcode.php
* includes/version_vbulletin.php
dutchwii's Avatar
dutchwii : OldSkool
dutchwii is a jewel in the roughdutchwii is a jewel in the roughdutchwii is a jewel in the roughdutchwii is a jewel in the rough
offline Joined: Sep 2007 Location: The Hague (The Netherlands) Posts: 216 Thanked: 36
  #10  
Thread Starter Unread 10-21-07
just replace those 2 files
New Thread  Post Reply

Thread Tools

Bookmarks
  • Submit Thread to Facebook
  • Submit Thread to Twitter
  • Submit Thread to Pinterest
  • Submit Thread to LinkedIn
  • Submit Thread to Reddit
Tags
gysn, vbulletinvpatchlevel1phpnullifiedgysn, vbulletin.v3.6.8.patch.level.1.php.nullified-gysn, [gysn]
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Powered by GYSN Underground 2021