vb.org Archive
Page 2 of 3 1 2 3
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Version 3.6.6. | Exploit is out? (https://vborg.vbsupport.ru/showthread.php?t=147303)

Shazz 05-16-2007 04:00 AM
Quote:
Originally Posted by dadu911 (Post 1248472)
Yep one from 2 weeks ago. We hit 103,000 users but nope now we are back to 97,000 because we got exploited and thats that.

Hopefully VB will test out their software fully before releasing to the public. Any who thanks for the updated version.

ALWAYS BACK UP - Lesson well learned.
Thats a ton of users lost :erm:
Sorry for the loss

dadu911 05-20-2007 11:26 AM
THERE IS A HOLE IN Latest Version: 3.6.7 PL1 ALSO!!! THEY CAN LOGIN AS ADMIN!!! MAN VBULLETIN HELP

someone logged in as admin, has changed the password and turned the forum off. He placed his url so he gets the hits.

This is SAD! Yet again another hole in VBULLETIN!

Dismounted 05-20-2007 11:51 AM
I would say not. Disable all your hacks and change FTP, cPanel, and MySQL passwords.

Paul M 05-20-2007 12:20 PM
Quote:
Originally Posted by dadu911 (Post 1251354)
THERE IS A HOLE IN Latest Version: 3.6.7 PL1 ALSO!!! THEY CAN LOGIN AS ADMIN!!! MAN VBULLETIN HELP

someone logged in as admin, has changed the password and turned the forum off. He placed his url so he gets the hits.

This is SAD! Yet again another hole in VBULLETIN!
What hole would that be then ?

You have not offered any proof that any of the exploits of your server were via vbulletin, you've just conviently decided that a previously unknown XSS in in the events area was used, which is actually highly unlikely. It helps to actually have evidence before making wild accusations. :)

dadu911 05-20-2007 08:51 PM
Lol Man I was right before and I am right again. Give it another 24 hours, VB will announce a new version cause another security issue!

This time this exploit works like this:

They can login as admin, turn off forum and redirect to another site.

This is a brand new exploit and hasn't been a security fix for it yet!

Shazz 05-20-2007 08:56 PM
Quote:
Originally Posted by dadu911 (Post 1251687)
Lol Man I was right before and I am right again. Give it another 24 hours, VB will announce a new version cause another security issue!

This time this exploit works like this:

They can login as admin, turn off forum and redirect to another site.

This is a brand new exploit and hasn't been a security fix for it yet!
:o
[high]* Shazz looks into vbulletin.com[/high]

sonichero 05-20-2007 09:03 PM
*sees patch for 3.6.7...

...oh bugger...

dadu911 05-21-2007 12:35 AM
I already have: vb 3.6.7 PL 1 and I got exploited L.O.L

I did a full upgrade. :( the guy keeps doing it.

Shazz 05-21-2007 12:54 AM
Quote:
Originally Posted by dadu911 (Post 1251777)
I already have: vb 3.6.7 PL 1 and I got exploited L.O.L

I did a full upgrade. :( the guy keeps doing it.
Did you read what Paul M posted a few posts ago?

Quote:
Originally Posted by Paul M
What hole would that be then ?

You have not offered any proof that any of the exploits of your server were via vbulletin, you've just conviently decided that a previously unknown XSS in in the events area was used, which is actually highly unlikely. It helps to actually have evidence before making wild accusations.

El_Muerte 05-21-2007 07:37 AM
once you've been compromised you need to change all your admin and system (e.g. database, shell, etc) passwords.
there's a fair chance that your forum got compromised because of a weak admin password, otherwise there would be much more reported compromises.
all versions prior to 3.6.7 were exploitable, not just 3.6.6


All times are GMT. The time now is 09:42 PM.
Page 2 of 3 1 2 3
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01748 seconds
  • Memory Usage 1,738KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (5)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete