Go Back   vb.org Archive > Community Central > vBulletin.org Site Feedback
Prev Previous Post   Next Post Next
  #1  
Old 01-24-2016, 12:13 PM
indispensable indispensable is offline
 
Join Date: Jul 2013
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Hacking attempt from user EvoDarrenshan

Subject: Hacking attempt from user EvoDarrenshan

Detail: I am not sure whom to report but since user EvoDarrenshan posted a paid request here on vbulletin.org and in response to that i showed him a demo and this all incident happend.

I did show a demo for completed bitpay plugin and given admincp access to check it, but instead of checking user tried to use vbulletin exploit and uploaded 1 file and then several others to hack :-
1)newpost.php
2)logins.php
3)ms/index.php
4)ms/install.php
5)ms/dump_db.php


He uses those file in attempt gain access to files/plugins/settings etc. in attempt to steal the products. I have full access detail logged on my server log and can provide on request for proof.

=================================
How he done write those files on server????

"bbclosedreason"

I have given restricted admincp access, and he updated the varname = "bbclosedreason" ... and eventually after that "newpost.php" was created on vb root, thus there may be some vulnerability in settings save.(some more to investigate)
=================================

IP address involved are as :

81.111.250.39
104.238.169.63
192.99.148.171
86.61.38.78
84.81.39.117
5.153.234.58
31.168.172.142
108.61.122.65
159.122.133.213
103.59.29.123
104.238.169.64

23.101.61.176
40.78.146.128

User-Agents Involved:-

Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Mozilla/5.0 (Windows NT 6.1; WOW64) SkypeUriPreview Preview/0.5
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/7.1.4 Safari/537.85.13
Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36



So i request vbulletin admin to ban/remove such user from vbulletin.org and delete his posts, as he may cheat and scam other people too, using your site "vbulletin.org" by posting project request and so. Further i have notify cyber cell with full detail so to take legal action, and since that user is from Birkenhead, UK ... it may take some time to send him behind bars.


Thanks.
Attached Files
File Type: php logins.php (31.4 KB, 11 views)
File Type: php newpost.php (66.7 KB, 7 views)
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:41 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04794 seconds
  • Memory Usage 2,337KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (4)post_thanks_box
  • (3)post_thanks_box_bit
  • (4)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (4)post_thanks_postbit_info
  • (4)postbit
  • (2)postbit_attachment
  • (4)postbit_onlinestatus
  • (4)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete