Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
Reload this Page Recent hacks - exploit discussion
FAQ Community Calendar Today's Posts Search

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 11-18-2013, 05:17 PM
create365 create365 is offline
 
Join Date: Aug 2013
Posts: 15
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Recent hacks - exploit discussion
http://www.reddit.com/r/netsec/comme...n_compromises/
I have the exploit code, researching it, also confirmed it works.
On black market, exploit is worth $7000.

Most of the times, it ends up with C99/PHPShell installed (mostly under Admin CP -> Paid Subscriptions -> Subscriptions Manager - because part of the users never look there.)

Have you secured your vBulletins/were you hacked?
How vBulletin plans to fix it?



Quote:
The XSS script is multistage based on what the user's session is currently capable of.
Create an invisible iframe pointing to the administrator control panel (ACP).
Using the iframe, check if the user is logged into the ACP. If yes, proceed to stage 5, otherwise continue to stage 3.
Since the user was not logged into the ACP, see if a password manager autofills the fields and submit the credentials off to an attacker controlled server. If no credentials were filled, continue to stage 4.
Retrieve all private messages of the user and ship them off to an attacker controlled servers since they might contain credentials or sensitive information. Not much to be done, exit the script.
Since the user was logged into the ACP, attempt to add a vBulletin hook that allows the remote execution of PHP code. If we don't have the permissions for this, continue to stage 6, otherwise exit the script.
Last straw attempt, try changing a higher ranked administrator's password. (yes, vBulletin is stupid enough to allow it) If we don't have the permissions for this either, continue to stage 4, otherwise exit the script.
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 11:31 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04860 seconds
  • Memory Usage 2,637KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (14)post_thanks_box
  • (4)post_thanks_box_bit
  • (14)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (14)post_thanks_postbit_info
  • (14)postbit
  • (14)postbit_onlinestatus
  • (14)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete