#1
11-05-2018, 08:33 PM
tweirtx
Registered User
AKA: Travis Weir
FRC #5052 (The RoboLobos)
Team Role: Marketing
 
Join Date: Oct 2018
Rookie Year: 2014
Location: Cedar Park, Texas
Posts: 2
Vulnerabilities

Alright. This is the third time I or someone else has posted about this. The CD mods obviously don't care about security and keep deleting our posts about them having security vulnerabilities.

There are some pretty major vulnerabilities in this version of vBulletin, which you might want to say happy 12th birthday to in a few weeks. I'd rather not have personal data on a platform that has major vulnerabilities, including XSS and SQL injection.

Please patch your site. For your users.

Last edited by Dez : 11-05-2018 at 08:36 PM. Reason: link removed!
#2
11-05-2018, 08:34 PM
FletcherS7
FTAA, Webmaster, and such
AKA: Fletcher
FRC #0100 (WildHats)
Team Role: Mentor
 
Join Date: Mar 2015
Rookie Year: 2014
Location: Woodside, Ca
Posts: 63
Re: Vulnerabilities

Incoming

Quote:
Invalid Thread specified. If you followed a valid link, please notify the administrator
__________________
FTAA, Webmaster, IT, Media, and everything between.

#3
11-05-2018, 08:34 PM
lcrobo
Registered User
FRC #0870 (Team R.I.C.E)
Team Role: Programmer
 
Join Date: Mar 2018
Rookie Year: 2017
Location: Southold, NY
Posts: 3
Re: Vulnerabilities

C'mon mods, the 3rd time is not the charm.
#4
11-05-2018, 08:35 PM
Lil' Lavery
Hungry Dawgs Run Faster
AKA: Sean Lavery
FRC #1712 (DAWGMA)
Team Role: Mentor
 
Join Date: Nov 2003
Rookie Year: 2003
Location: Philadelphia, PA
Posts: 7,739
Re: Vulnerabilities

Spoiler alert: Maybe it's not a good idea to post specific vulnerabilities publicly, and you would get a more receptive audience if you took the hint and PM'd the administrators
__________________
Being correct doesn't mean you don't have to explain yourself.
#5
11-05-2018, 08:36 PM
FletcherS7
FTAA, Webmaster, and such
AKA: Fletcher
FRC #0100 (WildHats)
Team Role: Mentor
 
Join Date: Mar 2015
Rookie Year: 2014
Location: Woodside, Ca
Posts: 63
Re: Vulnerabilities

Quote:
Originally Posted by Lil' Lavery
Spoiler alert: Maybe it's not a good idea to post specific vulnerabilities publicly, and you would get a more receptive audience if you took the hint and PM'd the administrators

These issues were brought up in 2012 and again in 2015.
__________________
FTAA, Webmaster, IT, Media, and everything between.

#6
11-05-2018, 08:37 PM
Harrison.Smith
Business, CAD, Mechanical
no team
Team Role: Leadership
 
Join Date: Apr 2016
Rookie Year: 2013
Location: Texas
Posts: 131
Re: Vulnerabilities

Can we get an explanation on why the CD moderation team is trying to hide this information from the public? Is the info false? If not, this is a major concern for every user and should be treated as such by the community, especially the moderation team.
__________________
“Rest and be thankful.” — William Wadsworth

Team 1296: 2014 - 2016
#7
11-05-2018, 08:37 PM
plnyyanks
Data wins arguments.
AKA: Phil Lopreiato
no team (The Blue Alliance)
Team Role: Engineer
 
Join Date: Apr 2010
Rookie Year: 2010
Location: NYC
Posts: 1,219
Re: Vulnerabilities

I mean, it's pretty well documented that this site runs an ancient version of vBulletin and it's really not that hard to look up any relevant CVEs.

Security through obscurity is rarely a good strategy.
__________________
Phil Lopreiato - "It's a hardware problem"
Team 1124 (2010 - 2013), Team 1418 (2014), Team 2900 (2016)
The Blue Alliance | The Blue Alliance for Android | FRC Notebook
#8
11-05-2018, 08:37 PM
asid61
Design Simple
AKA: Anand Rajamani
FRC #1072 (Harker Robotics)
Team Role: Mentor
 
Join Date: Jan 2014
Rookie Year: 2013
Location: Cupertino, CA
Posts: 3,086
Re: Vulnerabilities

This is a little sketch, but it doesn't look as worrying as I thought... when is the forum being upgraded again?
Also, why so much red for this?
__________________
Team 1072 2017-present
Team 299 2017
Team 115 2013-2016 (student)

2018 Davis Finalists (w/ 6474 and 3880), 2018 Roebling Winners (w/ 3476, 1323, and 1778)

#9
11-05-2018, 08:38 PM
Fletch1373
Registered User
AKA: Fletch
FRC #1126 (SPARX(1126) and Panthers(3181))
Team Role: Mentor
 
Join Date: Jan 2008
Rookie Year: 2003
Location: Webster, NY
Posts: 293
Re: Vulnerabilities

Quote:
Originally Posted by Lil' Lavery
Spoiler alert: Maybe it's not a good idea to post specific vulnerabilities publicly, and you would get a more receptive audience if you took the hint and PM'd the administrators

If the vBulletin version is indeed 12 years old, and has publicly known vulnerabilities, then having them linked to here is no worse than not posting it at all. I see no issues with this being posted. Mods/admin(s), please "take a hint" and update the software...
__________________
Student:
<05-08: FRC1373> <04: FRC0213>
Mentor:
<18-??: FRC1126> <15-??: FRC3181> <12-14: FRC0073> <11-12: FRC3555> <09-10: FRC0809>
Volunteer:
<FTAA> <CSA> <Scorekeeper> <Robot Inspector> <and many more...>
2018 Tour:
NYUT[CSA] > CTWAT[FTAA] > NYRO[CSA] > DetCMP[maybe...?]
#10
11-05-2018, 08:39 PM
dirtbikerxz
Captain | Driver | Senior
AKA: Rohit Gondi
FRC #3991 (KnightVision)
Team Role: Driver
 
Join Date: Nov 2014
Rookie Year: 2012
Location: Baton Rouge, LA
Posts: 833
Re: Vulnerabilities

I remember this being brought up many times just to be pushed under the rug, one of the most prominent times (that I remember) this was brought up was over three years ago, and this was the response to that: https://www.chiefdelphi.com/forums/s...7&postcount=74 . Here we are three years later, with no changes.
__________________
Team 3991: Driver (2013-2018), Captain (2015-2018)
"The human condition is not perfect. We are not perfect specimens, any of us. We're not robots." - Michael Ovitz

#11
11-05-2018, 08:40 PM
Lil' Lavery
Hungry Dawgs Run Faster
AKA: Sean Lavery
FRC #1712 (DAWGMA)
Team Role: Mentor
 
Join Date: Nov 2003
Rookie Year: 2003
Location: Philadelphia, PA
Posts: 7,739
Re: Vulnerabilities

Quote:
Originally Posted by asid61
This is a little sketch, but it doesn't look as worrying as I thought... when is the forum being upgraded again?
Also, why so much red for this?

Because my rep power is really absurd.

For the record, I neg repped him for knowingly and willingly recreating a thread that had been deleted twice (and for his "CD mods don't care" micro-rant). I didn't neg rep for sharing the link.
__________________
Being correct doesn't mean you don't have to explain yourself.
#12
11-05-2018, 08:44 PM
plnyyanks
Data wins arguments.
AKA: Phil Lopreiato
no team (The Blue Alliance)
Team Role: Engineer
 
Join Date: Apr 2010
Rookie Year: 2010
Location: NYC
Posts: 1,219
Re: Vulnerabilities

Quote:
Originally Posted by Lil' Lavery
Because my rep power is really absurd.

For the record, I neg repped him for knowingly and willingly recreating a thread that had been deleted twice (and for his "CD mods don't care" micro-rant). I didn't neg rep for sharing the link.

FWIW the OP only recreated the thread once, the second one was someone else who saw the thread and thought it was worth having around.

Additionally, there's startlingly little transparency about why a thread was removed about such a crucial topic, which is enough to warrant persistent reposting, IMO.
__________________
Phil Lopreiato - "It's a hardware problem"
Team 1124 (2010 - 2013), Team 1418 (2014), Team 2900 (2016)
The Blue Alliance | The Blue Alliance for Android | FRC Notebook
#13
11-05-2018, 08:44 PM
FletcherS7
FTAA, Webmaster, and such
AKA: Fletcher
FRC #0100 (WildHats)
Team Role: Mentor
 
Join Date: Mar 2015
Rookie Year: 2014
Location: Woodside, Ca
Posts: 63
Re: Vulnerabilities

Since this thread is alive, I will bring up my response to the original thread:

Quote:
And that's just the forum software.
What about the Web Server and the OS it's running on?
__________________
FTAA, Webmaster, IT, Media, and everything between.

#14
11-05-2018, 08:45 PM
Chris is me
on a break
AKA: Pinecone
no team (formerly FRC 3929, 228, 2791)
Team Role: Mentor
 
Join Date: Dec 2008
Rookie Year: 2006
Location: Chicago, IL
Posts: 8,557
Re: Vulnerabilities

The previous thread was left with a deletion note asking the user to direct this concern to webmaster@chiefdelphi.com (I am not sure this note is visible to users). The moderators do not control the version of vBulletin the site uses and are not trying to clamp down on this as if it's some kind of conspiracy.
__________________
Sort-of looking for a new team in or near Chicago; PM me if you have a lead.
Mentor: 3929 (2018)
Mentor / Drive Coach: 228 (2016-17) - 2016 RIDE Winner &
Consultant: 2170 (2017)
College Mentor: 2791 (2010-15) Build Photos - 2013 WPI Finalists, 2012 BAE Finalists
Student: 1714 (2009) - 2009 MN 10K Lakes Winners
#15
11-05-2018, 08:46 PM
synth3tk
Lead Mentor / Volunteer / TBA
AKA: David Thomas
FRC #7486
Team Role: Mentor
 
Join Date: Jan 2007
Rookie Year: 2007
Location: Ohio
Posts: 2,020
Re: Vulnerabilities

Cool. Get mad that someone is pointing out the absurdly-outdated forum software used to discuss a tech-heavy program on a website that consistently hits the first page of Google results.


Cool. ☕️
__________________
Quote:
The difference between theory and application is that in theory, theory and application are the same; In application, they are not.
All times are GMT -5. The time now is 02:05 AM.

The Chief Delphi Forums are sponsored by Innovation First International, Inc.


Powered by vBulletin®
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Copyright © Chief Delphi