Per the advice in this thread, I'm going to be deleting all plugins, fixing 4.2.0 and upgrading to 4.2.3 this morning; I am under the impression that a very likely culprit here is Yet Another Awards System, a plugin which, when I googled it, came back heavily associated with "SQL Injection."

It's a bit of a shame, though -- apparently we've used YAAS for many years to give badges and whatnot to members of the community. This is a shot in the dark, but does anyone know if those vulnerabilities have been patched by 4.2.3? Is there a good way to similarly overwrite the plugin's files without losing our data on who has what award and so forth?

Official patches will not not do anything for vulnerabilities in addons. as they are their own code.

Only the product developer could fix them.

Hi folks,

My upgrade from 4.2.0 to 4.2.3 seems to have stalled out at the very first step:

Upgrading to 4.2.3
Status: Processing 4.2.1 Alpha 1, Step 1 of 6

The "upgrade progress" window is completely blank. It's been this way for about twenty minutes. I know that the whole process may take an hour, or hours, but the lack of any visible progress has me a little spooked. Should I be concerned that it's run out of memory or something? (It advised me before I started that there was a way I could do this from the command line if necessary, but not knowing whether or not it would be necessary, I elected to let the script try to process through the browser control panel as normal). Is there a way to cancel out, then retry from the command line?

Thanks!

Check the error logs of your web-server or PHP in order to figure out what is causing it to stop.
Cause could vary; out of memory, webhost blocking you automatically because of too many connections to the server, SQL error, etc.

You can just restart the upgrade and it will continue where it left off. yoursite.com/install/upgrade.php

Here, I'll save you a whole messload of trouble- login to your server.

Go to your MySql Database (the one for your vBulletin install).

Click on search. Type %base64%
click on SELECT ALL

hit "Go".

You will find a large number of base64 codes hidden, most likely within [img] tags from filestore. Remove those. If you have plugins that are using base64- you'd better run a decode and see precisely what they're using it for.

Attachment 155535

If you look through your files and see picture_inline.php that file is Shell Script installed and is infecting your server/site. ( Picture_inlinemod.php IS legit)

Getting those redirects from a google search to the forum where I help admin, is there an absolute fix for this issue? We have vbulletin 4.2.5.

You can reference these for possible fixes:
https://www.vbulletin.com/forum/foru...lestore72-info

https://clients.urljet.com/knowledge...e123-Hack.html

https://clients.urljet.com/knowledge...version-2.html

With filestore they can insert it many different ways, be sure to check for template edits and also rogue plugins (OR malicious code added at the bottom of a plugin). I've even seen some take the site into debug mode and add the infection to the Master Style before let's hope they didn't do that to you i.e. possibly some script-kiddie using a tutorial and hasn't a clue about things of this nature other than how to read top-to-bottom and clickity-click-click (lol).