Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
  #71  
Old 05-20-2011, 02:51 PM
Delphiprogrammi Delphiprogrammi is offline
 
Join Date: Feb 2004
Location: Landen(Belgium)
Posts: 1,335
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

hi,

hmmmm people give valter a break.Ok i wasn't using that mod with a security hole and i can undestand the frusteration and anger you feel when your site is hacked but this coder is human and humans regardless of there amount of knowledge do make mistakes

the one (and only for that matter) 100% secure code is the one a human never wrote

i can't stand the bashing at the mod author stop it to me he is a respected coder i mean i don't know him but it's just plain bad to going to critize all of his work just because of one bad one
Reply With Quote
  #72  
Old 05-20-2011, 06:23 PM
preemz10314 preemz10314 is offline
 
Join Date: Oct 2010
Posts: 189
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Zachery View Post
Please dont go around posting FUD. If you do not have a link to an exploit report, chances are there isn't one in the wild.
Check it out and confirm.

*you need to sign up to view their forums*

I am not spreading spam. But the vb team needs to verify this. This is the latest exploit that is going around. Take a look at the date on this thread & post. It is very recent...like I said, I am no hacker or exploiter nor have i tested it out. But it is something to take a look at...I think there is some credibility to this one.

http://www.hackforums.net/showthread...303176&page=11

http://www.hackforums.net/showthread...1230802&page=2
Reply With Quote
  #73  
Old 05-20-2011, 06:37 PM
Disasterpiece's Avatar
Disasterpiece Disasterpiece is offline
 
Join Date: Apr 2007
Location: GER
Posts: 765
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This thread is actually about the recent exploit from the AFR mod. If you have general vb exploits, I suggest to send a PM to an administrator.
Reply With Quote
  #74  
Old 05-20-2011, 06:59 PM
preemz10314 preemz10314 is offline
 
Join Date: Oct 2010
Posts: 189
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yea sorry. I did.
Reply With Quote
  #75  
Old 05-20-2011, 09:24 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

FUD is not spam, FUD is fear uncertainty and doubt.

Please send the full exploit information to sales@vbulletin.com
Reply With Quote
  #76  
Old 05-20-2011, 11:38 PM
vijayninel's Avatar
vijayninel vijayninel is offline
 
Join Date: Mar 2009
Posts: 537
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Disasterpiece View Post
This thread is actually about the recent exploit from the AFR mod.
So its not any new exploit as such.
Reply With Quote
  #77  
Old 05-23-2011, 12:28 AM
jimsflies jimsflies is offline
 
Join Date: Aug 2009
Posts: 136
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

How do you go about tracking down the add-on that was the problem? I got rehacked tonight by Team Adimus and had also upgraded my advanced forum rules mod earlier this month after the first time.
Reply With Quote
  #78  
Old 05-23-2011, 01:01 AM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

AFR was updated again a few days ago, did you install that ?
Reply With Quote
  #79  
Old 05-23-2011, 01:27 AM
jimsflies jimsflies is offline
 
Join Date: Aug 2009
Posts: 136
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

No it wasn't...I realized that after posting here and back tracking to find the cause..found snoopytas post about the cookie vulernability. Its updated now though. Hopefully this time I can put this behind me...

--------------- Added [DATE]1306166227[/DATE] at [TIME]1306166227[/TIME] ---------------

Also found that they not only added vba.php to the includes folder, they also added it to includes/xml/includes as well as a file called include_bbs.php to both of those directories as well.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:44 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04032 seconds
  • Memory Usage 2,243KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (9)post_thanks_box
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (9)post_thanks_postbit_info
  • (9)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete