vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Security Hack.... Who do I discuss this with ? (https://vborg.vbsupport.ru/showthread.php?t=153351)

FCDobbs 07-25-2007 02:34 PM
Security Hack.... Who do I discuss this with ?
 
I have come across a "hack" that was done to a bulletin board (very recently),
that scares the bejeezus out of me.

I can see this happening pretty much on any bulletin board which uses any form of "sql" database.

In this specific case, they logged in, changed their session ID to "1", refreshed the page, then wreaked havoc all over the site.

I have the specific code used to perform this hack,
but do not want to merely display it here (for obvious reasons).

Who/How can I discuss this and what can/should I do to prevent it from happening on my site?

MaestroX 07-25-2007 02:38 PM
First make sure you are updated with the latest vbulletin and turn off the plugin system. This should help stop any breaches of security.

Report the bug to vbulletin.com, I think they use their project management tool to do this now.

Hope this helps

Dismounted 07-28-2007 10:45 AM
Heh, if only it was that easy to hack a board...

Shazz 07-28-2007 01:15 PM
Quote:
Originally Posted by FCDobbs (Post 1301241)
I can see this happening pretty much on any bulletin board which uses any form of "sql" database.
Umm thats kind of hard to belieave, But contact jelsoft(support ticket) to see what they say :D


All times are GMT. The time now is 05:54 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01073 seconds
  • Memory Usage 1,712KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (4)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete