vb.org Archive

Major Additions - microCART: Shopping System for vB4 (https://vborg.vbsupport.ru/showthread.php?t=256723)

BirdOPrey5 05-26-2014 10:34 AM

Quote:

Originally Posted by Toorak Times (Post 2499080)
I got this from my host


Hi Mick,


Are you using the microcart installation?

This has a file management tool kcfinder which has many known security
vulnerabilities.

http://www.tooraktimes.com.au/microc...der/browse.php -> allows you to
upload and browse the files in public_html/microcart/kcfinder/upload/files
directory.


Check this link
http://packetstormsecurity.com/files...ll-Upload.html


The hacker uploaded a shell script and tried to scan all other configuration
files in the server. I am disabling that microcart link.


root@experience [/usr/local/maldetect/sess]# more
session.hits.052214-1739.1040785
{HEX}gzbase64.inject.unclassed.15 :
public_html/microcart/kcfinder/upload/files/b.php5



Your host said the URL to kcfinder was:
Code:

http://www.tooraktimes.com.au/microcart/kcfinder/browse.php

But there is no /kcfinder/ directory in this mod's zip file... Not sure how or why you have a /kcfinder/ directory but it doesn't appear to be included with this mod.

Toorak Times 05-26-2014 10:45 AM

So BOP, when I was hacked by TH3 HACK3R could they have installed it in the cart then? I saw a reference to Black Hack3r in files. I have tried to uninstall this mod but it crashed my site so I have isolated it. I wish Michael would reply as this is really stressing me out

BirdOPrey5 05-26-2014 02:58 PM

Quote:

Originally Posted by Toorak Times (Post 2499452)
So BOP, when I was hacked by TH3 HACK3R could they have installed it in the cart then? I saw a reference to Black Hack3r in files. I have tried to uninstall this mod but it crashed my site so I have isolated it. I wish Michael would reply as this is really stressing me out

It's certainly possible... I would suggest anyone with this mod installed check for a /kcfinder/ directory in their /microcart/ directory, just to be sure.

At this point all I know for sure is /kcfinder/ does not come as part of this mod. I can't say whether an exploit in this mod allowed it to be uploaded or an exploit in something else did.

Toorak Times 05-26-2014 03:46 PM

Quote:

Originally Posted by BirdOPrey5 (Post 2499480)
It's certainly possible... I would suggest anyone with this mod installed check for a /kcfinder/ directory in their /microcart/ directory, just to be sure.

At this point all I know for sure is /kcfinder/ does not come as part of this mod. I can't say whether an exploit in this mod allowed it to be uploaded or an exploit in something else did.



I got smashed 5 times BOP, my database is still psychopathic. have a look if you like...PLEASE!!!

BirdOPrey5 05-26-2014 10:07 PM

Quote:

Originally Posted by Toorak Times (Post 2499493)
I got smashed 5 times BOP, my database is still psychopathic. have a look if you like...PLEASE!!!

I would suggest you look for .php files in the following directories- I've found them in these directories while cleaning up hacked sites before (check all sub-folders of these folders as well)-

/customavatars
/customgroupicons
/customprofilepics
/images
/signaturepics

If you have attachments stored in a web accessible location check that folder too.

These folders should not contain .php files.

As for being in your database the only real place they could be is in a plugin. Check and make sure you don't have any plugins listed in Plugin Manager (not product manager) at the top listed under the "vBulletin" product. If you do make sure these are plugins you created yourself and double-check the code. This is the most often exploited spot.

Second most exploited in my experience is hidden as a plugin of Forum Runner but this will be cleaned if you re-run the upgrade script which I recommend you do if you've been hacked.

Any 3rd party products should be re-installed after a hack to make sure their plugins are the original values and don't contain backdoors left by the hacker.
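
The directory check described in the post above can be scripted. This is an added example, not part of the original thread or of the mod; the extension list is an assumption (it covers the `b.php5` file named in the maldet log) and the usage path is a placeholder.

```shell
#!/bin/sh
# Added example: audit a vBulletin web root for PHP-executable files in
# upload/image directories and for an unexpected microcart/kcfinder directory.

# Directories named in the post above, relative to the forum root.
UPLOAD_DIRS="customavatars customgroupicons customprofilepics images signaturepics"

# Print every file with a PHP-handled extension under the upload directories,
# sub-folders included. The extension list is an assumption: match it to the
# handlers your web server actually maps to PHP.
find_php_in_uploads() {
    root=$1
    for d in $UPLOAD_DIRS; do
        [ -d "$root/$d" ] || continue
        find "$root/$d" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
            -o -iname '*.phtml' -o -iname '*.phar' \) -print
    done
}

# Succeeds (exit 0) if a kcfinder directory exists under microcart/.
has_kcfinder() {
    [ -d "$1/microcart/kcfinder" ]
}

# Report both findings; returns 1 if anything needs review, 0 if clean.
audit_forum_root() {
    root=$1
    status=0
    hits=$(find_php_in_uploads "$root")
    if [ -n "$hits" ]; then
        echo "PHP-executable files in upload directories:"
        echo "$hits"
        status=1
    fi
    if has_kcfinder "$root"; then
        echo "Unexpected directory: $root/microcart/kcfinder"
        status=1
    fi
    return $status
}

# Usage: sh audit.sh /path/to/public_html   (placeholder path)
if [ -n "${1:-}" ]; then audit_forum_root "$1"; fi
```

If attachments are stored in a web-accessible folder, add that folder's name to `UPLOAD_DIRS` before running the audit.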

Toorak Times 05-27-2014 03:08 AM

Thank you so much mate, awesome

AwesomeMetalB 10-16-2014 06:36 PM

Hello,

Regarding the post about:

The fix I use is, go to: Admin CP > Settings > Options > Site Name / URL / Contact Details
In the 'Redirect Domain Whitelist' field, add:
https://www.paypal.com
https://www.sandbox.paypal.com


I have implemented this and still receive the following error

Invalid Redirect URL (https://www.paypal.com/cgi-bin/websc...ethod%3Dpaypal)

please see screenshot

http://tinypic.com/r/25icgtk/8

Thank you

Daniel

amandatx 10-16-2014 08:16 PM

1 Attachment(s)
Hello,

After the install I am only accessing the index page. Please see the attachment. Any solutions?

Thanks in advance.

AwesomeMetalB 10-16-2014 08:37 PM

cart.php and cart_gateway.php need to be in the same directory as forum.php

for me it's /public_html

see if that's the answer

amandatx 10-16-2014 09:07 PM

Quote:

Originally Posted by AwesomeMetalB (Post 2519099)
cart.php and cart_gateway.php need to be in the same directory as forum.php

for me it's /public_html

see if that's the answer

Thanks for the reply. I've moved the files, not seeming to have any effect.

Thanks again.


All times are GMT.