vB 3.8.7 PL 3 XSS Leak in Email Link to Friend? (https://vborg.vbsupport.ru/showthread.php?t=296277)

joeychgo 09-12-2013 02:31 AM

I always recommend forum owners hire Securi. I use them for all my sites. They monitor the sites for intrusions, and track down and repair successful malware / virus attacks on my sites. They have been fantastic for me and they monitor all my sites.

Hall of Famer 09-12-2013 01:22 PM

Quote:

Originally Posted by joeychgo (Post 2445032)
I always recommend forum owners hire Securi. I use them for all my sites. They monitor the sites for intrusions, and track down and repair successful malware / virus attacks on my sites. They have been fantastic for me and they monitor all my sites.

Well, I ran two free scans on my forum and the showthread.php page, and it says there's no security threat. *sigh* You sure this is correct?

Smitty 09-12-2013 01:48 PM

This is something only a vB *expert* can deal with. I also have a person dedicated to security on my dedicated servers, but he isn't a vB pro. I fixed my problem but with no help from him. That said my servers are secure and I do not expect him to deal with vB issues.

Other than that, not much I can say other than:

How do you know it's showthread.php?

Hall of Famer 09-12-2013 05:07 PM

Quote:

Originally Posted by Smitty (Post 2445110)
This is something only a vB *expert* can deal with. I also have a person dedicated to security on my dedicated servers, but he isn't a vB pro. I fixed my problem but with no help from him. That said my servers are secure and I do not expect him to deal with vB issues.

Other than that, not much I can say other than:

How do you know it's showthread.php?

'Cause the host was able to trace the activity of the hacker, and showthread.php was where he/she accessed to send spam mails.

Smitty 09-12-2013 06:11 PM

Ah. Well, it looks like only you and I have run into whatever it was/is. I haven't seen it mentioned anywhere by anyone else. I feel for you. I wish I could help you. I do hope if you find out what it is and how they're doing it you will let me and others know.

Zachery 09-12-2013 09:47 PM

There is an email to friend feature on that page. Are you sure your guests are not allowed to use it?

Check the blog usergroup permissions if you have it installed. Also, this blog post should be helpful:

http://www.vbulletin.com/forum/blogs...ve-been-hacked

