vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Community Lounge (https://vborg.vbsupport.ru/forumdisplay.php?f=13)
-   -   suspicious plugin? (https://vborg.vbsupport.ru/showthread.php?t=326031)

BirdOPrey5 02-02-2018 11:50 AM

Quote:

Originally Posted by IggyP (Post 2592590)
hmm this is a different mod than the OP linked...fwiw...

Different mod and different mod author.

TheLastSuperman 02-05-2018 09:31 PM

o.O apparently so ^ there were two reported posts and I clicked on the wrong link! Sometimes oversight is awesome :p.

X-or 02-08-2018 03:01 AM

Quote:

Originally Posted by Dave (Post 2592579)
I checked the code and couldn't find the SQL injection backdoor. The email address gathering script is in there, though, but it doesn't do anything since the site it sends requests to is no longer online.

Email address gathering script? :confused:
Isn't it against the rules? :confused:

--------------- Added 02-08-2018 at 11:30 PM ---------------

@Dave , could you please provide more details about this email gathering script? Sounds like a very malicious thing. :confused:

X-or 07-31-2018 09:16 AM

Nobody wants to audit this product, really?

Again I would like to stress the webmaster email was leaked after installing this product....
And maybe the whole database, who knows...
Also this is a product that outputs utterly nonsensical results, which only adds to the suspicion.
Is this site dead or something? Why does nobody look into it?

BirdOPrey5 07-31-2018 02:59 PM

Quote:

Originally Posted by X-or (Post 2595788)
Nobody wants to audit this product, really?

Again I would like to stress the webmaster email was leaked after installing this product....
And maybe the whole database, who knows...
Also this is a product that outputs utterly nonsensical results, which only adds to the suspicion.
Is this site dead or something? Why does nobody look into it?

All of the above? The mod hasn't been updated in over 5 years. It probably doesn't even work on PHP 7. If you are unsure about using it, don't use it. If the results are "nonsensical" then it is no loss.

Is the site dead? Not technically, we're posting here... but it is a fraction of what it used to be and even 5 years ago it was a fraction of what it was 5 years before that. :(

X-or 07-31-2018 03:13 PM

Quote:

Originally Posted by BirdOPrey5 (Post 2595791)
The mod hasn't been updated in over 5 years.

Why does it say "Last Update: 14 Apr 2017" ?
Is this information inaccurate?

BirdOPrey5 07-31-2018 03:18 PM

Hmmm... somehow I thought this was about this mod: https://vbulletin.org/forum/showthread.php?t=241481

Oh it's because I followed the link in The Last Superman's post (#8) and assumed it was the mod in question, my bad.

I wouldn't use the mod in this post either.

--------------- Added 07-31-2018 at 05:50 PM ---------------

Quote:

Originally Posted by X-or (Post 2592450)
https://vborg.vbsupport.ru/showthread.php?t=324918

Can someone audit this plugin for potential malicious code?
The nonsensical results of the plugin and the apathy of the author are worrying me a lot.
Here's a mirror : https://www.sendspace.com/file/05icvb

I did a light audit... I looked through the main php file and searched for some common means of collecting/sending data and didn't notice or find anything suspicious.

It's by no means me saying it's safe to use, but there is nothing obvious to me to worry about.

I have no intention of using or installing.

final kaoss 08-04-2018 06:56 PM

Quote:

Originally Posted by X-or (Post 2592450)
https://vborg.vbsupport.ru/showthread.php?t=324918

Can someone audit this plugin for potential malicious code?
The nonsensical results of the plugin and the apathy of the author are worrying me a lot.
Here's a mirror : https://www.sendspace.com/file/05icvb

Just gave it a check;
there's a link to a dead site in the xml description of it. (fuelmyforums)
and a small .js from the google cdn, all is fine here. (<script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>)

The fastest way for someone who isn't used to coding, imho, is to open the files and do a search for "//" without the quotation marks, and you'll easily find any links which could be used to send info to an external site. Or just give a quick look through all of the files like I did.

BirdOPrey5 08-05-2018 04:09 PM

Quote:

Originally Posted by final kaoss (Post 2595850)
Just gave it a check;
there's a link to a dead site in the xml description of it. (fuelmyforums)
and a small .js from the google cdn, all is fine here. (<script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>)

The fastest way for someone who isn't used to coding, imho, is to open the files and do a search for "//" without the quotation marks, and you'll easily find any links which could be used to send info to an external site. Or just give a quick look through all of the files like I did.

Those up to no good could purposely hide this kind of code though, so be aware if you don't find any it doesn't mean it's 100% safe.
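
The search for "//" suggested in the thread, together with the caveat that a URL can be hidden from that search, as an added example that is not part of any post here and not code from the plugin under discussion. The names `audit_text`, `audit_tree` and `SAMPLE` and the host `example.invalid` are assumptions made for the illustration; the list of PHP calls is a starting point, not a complete one.

```python
import base64
import re
from pathlib import Path

# "//host" with or without a scheme: what a manual search for "//" turns up.
URL_RE = re.compile(r"(?:https?:)?//([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
# PHP calls that can hide a URL or send data out; a hit means "read this code".
CALL_RE = re.compile(
    r"\b(eval|base64_decode|gzinflate|str_rot13|create_function|"
    r"curl_exec|fsockopen|file_get_contents|mail)\s*\(", re.IGNORECASE)
# String literals handed straight to base64_decode(): decoded and re-scanned.
B64_RE = re.compile(r"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]", re.I)

def audit_text(name, text):
    """Return (file, line, kind, value) tuples for one file's contents."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for host in URL_RE.findall(line):
            findings.append((name, lineno, "host", host.lower()))
        for func in CALL_RE.findall(line):
            findings.append((name, lineno, "call", func.lower()))
        for blob in B64_RE.findall(line):
            try:
                decoded = base64.b64decode(blob, validate=True).decode("latin-1")
            except ValueError:  # not valid base64, nothing to re-scan
                continue
            for host in URL_RE.findall(decoded):
                findings.append((name, lineno, "hidden-host", host.lower()))
    return findings

def audit_tree(root, suffixes=(".php", ".xml", ".js", ".html")):
    """Audit every matching file under an unpacked plugin directory."""
    out = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            out += audit_text(str(path), path.read_text(errors="replace"))
    return out

# Constructed sample, not taken from any real plugin.
SAMPLE = '''<?php
$tpl = '<script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>';
$u = base64_decode('aHR0cDovL2V4YW1wbGUuaW52YWxpZC9j');
$r = file_get_contents($u);
'''

if __name__ == "__main__":
    for hit in audit_text("sample.php", SAMPLE):
        print(*hit, sep="\t")
```

On the sample, the plain search finds only the Google CDN host; the second host appears only after the base64 literal is decoded. An empty report still leaves URLs built by string concatenation or loaded from the database unexamined.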

