vb.org Archive


X-or 01-27-2018 02:47 PM

suspicious plugin?
 
https://vborg.vbsupport.ru/showthread.php?t=324918

Can someone audit this plugin for potential malicious code?
The nonsensical results of the plugin and the apathy of the author are worrying me a lot.
Here's a mirror : https://www.sendspace.com/file/05icvb

Dave 01-27-2018 05:14 PM

It seems fine to me at first sight, what makes you think it could contain malware?

X-or 01-27-2018 10:33 PM

First the product shows nonsensical results which were reported, but the author didn't react.
Secondly the product definitely uses external content and the author didn't put the proper warning, for example in admincp/slowplugins.php

line 15 : <script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>

I have recently received an email on a mail address I have never used besides receiving notifications from my vbulletin. I'm trying to find where the backdoor is, and this one product seems to be the most suspicious of all; it has left tons of data in the sql database even after uninstall.

I think the code of this product should definitely be audited.

In Omnibus 01-28-2018 12:58 AM

Quote:

Originally Posted by X-or (Post 2592456)
First the product shows nonsensical results which were reported, but the author didn't react.
Secondly the product definitely uses external content and the author didn't put the proper warning, for example in admincp/slowplugins.php

line 15 : <script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>

I have recently received an email on a mail address I have never used besides receiving notifications from my vbulletin. I'm trying to find where the backdoor is, and this one product seems to be the most suspicious of all; it has left tons of data in the sql database even after uninstall.

I think the code of this product should definitely be audited.

Jquery isn't malicious code. Virtually every software program uses it. Hell, vBulletin uses it.

vBNinja 01-28-2018 09:05 PM

Not sure if trolling... jQuery loaded from google’s cdn is malicious code? I don’t even understand what exactly you claim to be malicious.

Also, why are you posting a mirror of it? It can be downloaded directly from the thread as it was posted.

What if your computer has malware and it infected the files you re-uploaded (without permission either)?

No one else has reported “malicious code” in it..

If you don’t like the product, simply uninstall it.

Stingray27 01-29-2018 04:09 PM

Quote:

Originally Posted by X-or (Post 2592450)
Can someone audit this plugin for potential malicious code?
The nonsensical results of the plugin and the apathy of the author are worrying me a lot.

I think you worry too much. :erm:
There is nothing malicious about jQuery :down:

What do you mean by "apathy of the author" :confused:
There are no rules that say authors have to respond within a certain time (or at all).

If the results are nonsensical to you then just don't use it. Problem solved. :cool:

BirdOPrey5 01-30-2018 01:30 PM

Quote:

Originally Posted by X-or (Post 2592456)
First the product shows nonsensical results which were reported, but the author didn't react.
Secondly the product definitely uses external content and the author didn't put the proper warning, for example in admincp/slowplugins.php

line 15 : <script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>

I have recently received an email on a mail address I have never used besides receiving notifications from my vbulletin. I'm trying to find where the backdoor is, and this one product seems to be the most suspicious of all; it has left tons of data in the sql database even after uninstall.

I think the code of this product should definitely be audited.

X-or never said that jquery was malicious, he said the call to jquery is use of external content, which it technically is. However when the flag for "Uses external content" was created (over a decade ago, probably closer to 15 years) it was intended for mods that used code presumably hosted by the mod creator, not necessarily open, public, and used all over the web.

In the decade and a half since the external code flag was created it has become much more common to link to safe, reliable libraries hosted by sites like Google.

vBulletin does this too, but as an option. No one has to make external calls to Google to use vBulletin, but it's smart to do so.

Whether a call to external jquery rises to the level of needing to click the external content flag is a debate for site moderators, I can see good points for both sides.
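
Added example (not from the thread, the plugin or vBulletin): a Python audit helper that lists every tag in a plugin's files that makes the browser fetch from another host, with file, line number and whether the tag carries a Subresource Integrity attribute. The function names, the `own_hosts` parameter and the sample input are assumptions made for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Tags that make the visitor's browser fetch a resource when the page renders.
TAG_RE = re.compile(r"<(script|link|img|iframe)\b[^>]*>", re.I)
URL_ATTR_RE = re.compile(r"""\b(?:src|href)\s*=\s*["']([^"']+)["']""", re.I)
SRI_RE = re.compile(r"\bintegrity\s*=", re.I)


def external_refs(name, text, own_hosts=()):
    """Return (file, line, tag, host, has_sri) for each off-site resource tag."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for tag in TAG_RE.finditer(line):
            attr = URL_ATTR_RE.search(tag.group(0))
            if not attr:
                continue
            url = attr.group(1)
            try:
                # "//host/path" is protocol-relative: still a third-party fetch.
                host = urlparse("https:" + url if url.startswith("//") else url).hostname
            except ValueError:  # URL the parser rejects: report it for manual review
                host = "unparsed:" + url
            if host and host.lower() not in own_hosts:
                findings.append((name, lineno, tag.group(1).lower(), host.lower(),
                                 bool(SRI_RE.search(tag.group(0)))))
    return findings


def scan_tree(root, own_hosts=()):
    """Scan a plugin's unpacked files on disk (PHP, XML product file, HTML, JS)."""
    out = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in {".php", ".xml", ".html", ".js"}:
            out += external_refs(str(path), path.read_text(errors="replace"), own_hosts)
    return out


# Constructed sample: 14 empty lines, then the tag quoted in the thread on line 15,
# followed by a local include (hypothetical path) that must not be reported.
SAMPLE = "\n" * 14 + (
    '<script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>\n'
    '<script src="clientscript/example_local.js"></script>\n'
)

if __name__ == "__main__":
    for f in external_refs("admincp/slowplugins.php", SAMPLE):
        print("%s:%d <%s> loads from %s (integrity attribute: %s)" % f)
```

Only static tags are matched; URLs assembled at runtime in PHP or JavaScript, and server-side requests made by the plugin itself, need a separate review of the code.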

TheLastSuperman 02-01-2018 06:58 PM

This was already discussed prior in the thread and Joe even commented back then on it as well, reference: https://vbulletin.org/forum/showpost...&postcount=244

So it's use at your own risk as Joe mentioned, furthermore you can simply edit out the parts of the mod containing that code before you install on your site.

Dave 02-01-2018 07:05 PM

I checked the code and couldn't find the SQL injection backdoor. The email address gathering script is in there, though, but it doesn't do anything since the site it sends requests to is no longer online.

IggyP 02-01-2018 11:53 PM

Quote:

Originally Posted by TheLastSuperman (Post 2592578)
This was already discussed prior in the thread and Joe even commented back then on it as well, reference: https://vbulletin.org/forum/showpost...&postcount=244

So it's use at your own risk as Joe mentioned, furthermore you can simply edit out the parts of the mod containing that code before you install on your site.

hmm this is a different mod than the OP linked...fwiw...


All times are GMT.