
koko10ar 03-08-2012 01:20 PM

Problems with vbulletin 3.7.4 PL 2
 
Hi guys, I resort to you because my site has been hacked. The hacker inserted an exploit that creates a new php file in the "uploads folder" of vBulletin allowing remote filesystem control. By the way, it modifies the pages being served (every .php file) to include a script tag redirecting visitors to some sites.

I could fix it temporarily by running a script that I took from here:
https://github.com/walkeralencar/rrn...rnuVaccine.php

It really worked, but I would like a permanent solution. According to my limited knowledge, I inferred that this vulnerability comes from a stored XSS vulnerability, but I carried out different research and all the vulnerabilities connected with this vBulletin version are "SQL injection" ones.

Anyway, the aim of this thread is to ask if you know how I can fix all the vulnerabilities that this version has. Is upgrading to a new version the only solution?

I look forward to hearing your opinions!!!

Thanks in advance.
koko

Lynne 03-08-2012 04:03 PM

Since security patches are no longer provided for that version, then you really should upgrade.

Also, your uploads folder (I assume you are talking about your attachments directory?) should not be accessible - it should NOT be in the site root folder. It should be 'above' there so no one may access any files in there directly.
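
The advice above (keep the attachments directory out of the site root) can be checked on the server. This is an added example, not part of the original thread or of vBulletin; the paths in the usage comment are constructed placeholders, and the extension list is an assumption about which file names the web server hands to PHP.

```bash
#!/usr/bin/env bash
# Added example: audit an upload/attachment directory on a PHP host.
# Usage (constructed paths): ./audit_uploads.sh /srv/forum_attachments /var/www/html

# is_inside DIR ROOT: succeeds if DIR, with symlinks resolved, is ROOT or lies below it.
# Returns 2 if either directory cannot be entered.
is_inside() {
    local dir root
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    root=$(cd "$2" 2>/dev/null && pwd -P) || return 2
    root=${root%/}                      # so that ROOT=/ becomes the pattern "/*"
    case "$dir/" in
        "$root"/*) return 0 ;;          # trailing slash keeps /var/www2 out of /var/www
        *)         return 1 ;;
    esac
}

# find_scripts DIR: list files whose names a PHP handler commonly executes.
# Assumed extension list; '*.php.*' covers double extensions such as x.php.jpg.
find_scripts() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \
        -o -iname '*.phar' -o -iname '*.php.*' \) -print | sort
}

# audit_uploads UPLOADS DOCROOT: print findings; return value = number of findings (0-2).
audit_uploads() {
    local uploads=$1 docroot=$2 issues=0 hits
    if is_inside "$uploads" "$docroot"; then
        echo "WARN: $uploads is under the web root $docroot"
        issues=$((issues + 1))
    fi
    hits=$(find_scripts "$uploads")
    if [ -n "$hits" ]; then
        echo "WARN: script files found in $uploads:"
        echo "$hits" | sed 's/^/  /'
        issues=$((issues + 1))
    fi
    [ "$issues" -eq 0 ] && echo "OK: $uploads"
    return "$issues"
}

# Run the audit only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    audit_uploads "$1" "$2"
fi
```

A clean result only covers the path as given: a web-server alias or a symlink inside the web root that points at the directory still makes its files directly reachable.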

