vb.org Archive


dadu911 05-15-2007 11:27 AM

Version 3.6.6. | Exploit is out?
 
I just recently updated to 3.6.6 and I got exploited.

All my threads got renamed to tom and the first post has a picture of tom and a subtitle saying: "owned by tom"

Are there any additional security hacks I can install? It is really getting on my nerves.

Please Help

Dismounted 05-15-2007 11:29 AM

This probably isn't vBulletin. Maybe one of your hacks.

Oblivion Knight 05-15-2007 11:30 AM

Make sure that you and your admins use strong passwords.. Also, check that any other software being run on the server is up-to-date.

It's highly unlikely that it's a security issue with vBulletin 3.6.6

dadu911 05-15-2007 11:43 AM

Hmm I have two hacks installed. HideHack + The Statistic hack. That is all.

I did a login history in Direct Admin; nothing, it is just me.

I believe this is a VB Exploit that is currently out.

Dismounted 05-15-2007 11:44 AM

If it is, report it on vB.com? If it's just you, maybe someone logged in under you. Check the Admin Logs.

Oblivion Knight 05-15-2007 03:55 PM

Quote:

Originally Posted by Oblivion Knight (Post 1247993)
It's highly unlikely that it's a security issue with vBulletin 3.6.6

Ha, I retract that statement..

An XSS calendar exploit was just discovered.

dadu911 05-15-2007 11:23 PM

Well everyone I HATE TO SAY I TOLD YOU SO!!:

vBulletin 3.6.7

As much as we hate to spring another upgrade on you all so soon after the release of vBulletin 3.6.6, an XSS flaw was identified today and in order to maintain our commitment to fix security problems as soon as we become aware of them, we have to release 3.6.7 and a patch for older versions.

Shazz 05-15-2007 11:57 PM

Err, Do you have any backups?

dadu911 05-16-2007 02:43 AM

Yep, one from 2 weeks ago. We hit 103,000 users but nope, now we are back to 97,000 because we got exploited and that's that.

Hopefully VB will test out their software fully before releasing to the public. Any who thanks for the updated version.

ALWAYS BACK UP - Lesson well learned.

DieselMinded 05-16-2007 03:44 AM

Wow !


All times are GMT.