vb.org Archive

wacnstac 09-04-2006 06:50 PM

Hacked through FlashChat integration plugin for vb 3.5.2
 
We've been hacked and our database screwed by an apparent vulnerability of the FlashChat integration with vb. Is there an update of the hack with the vulnerability fixed? Any help during this trying time would be very much appreciated.

steve

Delphiprogrammi 09-04-2006 07:25 PM

You mean the meta refresh redirection exploit? That was not FlashChat but the plugin called "topXstat", and yes, that plugin has been updated to fix the holes here. FlashChat contains a hole too though; here is more information about the FlashChat hole.

steven s 09-04-2006 07:27 PM

Updated FlashChat
http://forum.tufat.com/showthread.php?t=24619

This is interesting.
I caught it just in time.
[Mon Sep 4 15:20:11 2006] [error] [client 200.82.226.80] File does not exist: /home/username/public_html/forum/chat//inc/cmses/aedatingCMS2.php
I would have been hacked if that file was still there.

Traxdata 09-04-2006 08:15 PM

Quote:

Originally Posted by 1996 328ti
Updated FlashChat
http://forum.tufat.com/showthread.php?t=24619

This is interesting.
I caught it just in time.
[Mon Sep 4 15:20:11 2006] [error] [client 200.82.226.80] File does not exist: /home/username/public_html/forum/chat//inc/cmses/aedatingCMS2.php
I would have been hacked if that file was still there.

Indeed, I get these "errors" about 20 times a day since Friday last week.

steven s 09-04-2006 08:15 PM

Quote:

Originally Posted by Traxdata
Indeed, I get these "errors" about 20 times a day since Friday last week.

Different ip address?

wacnstac 09-04-2006 08:20 PM

Wish these punks would find something better to do.

Traxdata 09-04-2006 08:50 PM

Quote:

Originally Posted by 1996 328ti
Different ip address?


Of course, all Turkish IPs. Today they tried about 70 times! Not bad.

Just found on zone-h! It seems that some other FlashChat files are also insecure!!! Thank God I have removed this piece of you-know-what.



http://www.zone-h.org/component/opti...berLord/page,2
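
The per-day and per-IP probe counts discussed in the posts above can be pulled from an Apache error log with a short script. This is an added example, not part of the original thread: the sample log lines are constructed (documentation-range IPs), and treating any missing `.php` file under `chat/inc/cmses/` as a probe is an assumption based on the one log line quoted above.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the error_log format quoted in the thread.
SAMPLE_LOG = """\
[Mon Sep 4 15:20:11 2006] [error] [client 192.0.2.10] File does not exist: /home/username/public_html/forum/chat//inc/cmses/aedatingCMS2.php
[Mon Sep 4 15:42:03 2006] [error] [client 198.51.100.7] File does not exist: /home/username/public_html/forum/chat//inc/cmses/aedatingCMS2.php
[Mon Sep 4 16:01:55 2006] [error] [client 192.0.2.10] File does not exist: /home/username/public_html/forum/favicon.ico
[Tue Sep 5 09:13:40 2006] [error] [client 203.0.113.25] File does not exist: /home/username/public_html/forum/chat/inc/cmses/aedatingCMS2.php
"""

# "File does not exist" entries: timestamp, client address, filesystem path.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9a-fA-F.:]+)\] "
    r"File does not exist: (?P<path>\S+)"
)
# Assumption: a missing .php file under chat/inc/cmses/ is a probe for the
# removed FlashChat integration files. Tolerates the doubled slash seen above.
PROBE_RE = re.compile(r"/chat/+inc/cmses/[^/]+\.php$")


def summarize_probes(lines):
    """Return (hits per date, set of client IPs per date) for probe lines."""
    hits, sources = Counter(), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not PROBE_RE.search(m.group("path")):
            continue  # unrelated 404s (favicon etc.) are ignored
        # Normalise padding so "Sep  4" and "Sep 4" both parse.
        stamp = " ".join(m.group("ts").split())
        day = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y").date()
        hits[day] += 1
        sources[day].add(m.group("ip"))
    return hits, sources


if __name__ == "__main__":
    hits, sources = summarize_probes(SAMPLE_LOG.splitlines())
    for day in sorted(hits):
        ips = ", ".join(sorted(sources[day]))
        print(f"{day}: {hits[day]} probe(s) from {len(sources[day])} IP(s): {ips}")
```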

iran.gs 09-04-2006 09:32 PM

Code:

content="0;url=http://ts.somee.com"> """"

this is their ip
IP: 85.104.221.179 Country: Turkey City: Istanbul, Istanbul

I think VB must do an IP range ban on all these Turkish delights. I lost a whole day trying to fix this, and it was on Saturday, my busiest day at my forum :hurt:
I blame the VB staff for this; something like this should be mailed to all VB members and all the forum members. After all, this is not free software; we did not just get this because it looks good, we got it since the name of the software is great.

