The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
suspicious plugin?
https://vborg.vbsupport.ru/showthread.php?t=324918
Can someone audit this plugin for potential malicious code? The nonsensical results of the plugin and the apathy of the author are worrying me a lot. Here's a mirror : https://www.sendspace.com/file/05icvb |
#2
|
|||
|
|||
It seems fine to me at first sight, what makes you think it could contain malware?
|
#3
|
|||
|
|||
First the product shows nonsensical results which were reported, but the author didn't react.
Secondly the product definitely uses external content and the author didn't put the proper warning, for example in admincp/slowplugins.php line 15 : <script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script> I have recently received an email on a mail address I have never use besides receiving notification from my vbulletin, I'm trying to find where is the backdoor and this one product seems to be the most suspicious of all, it has left tons of data in the sql database even after uninstall. I think the code of this product should definitely be audited. |
#4
|
||||
|
||||
Quote:
|
#5
|
||||
|
||||
Not sure if trolling... jQuery loaded from google’s cdn is maclicious code? I don’t even understand what exactly you claim to be malicious.
Also, why are you posting a mirror of it? It can be downloaded directly from the thread as it was posted. What if your computer has malware and it infected the files you re-uploaded (without permission either)? No one else has reported “malicious code” in it.. If you don’t like the product, simply uninstall it. |
Благодарность от: | ||
CAG CheechDogg |
#6
|
|||
|
|||
Quote:
There is nothing malicious about jQuery :down: What do you mean by "apathy of the author" There are no rules that say authors have to respond within a certain time (or at all). If the results are nonsensical to you then just dont use it. Problem solved. |
#7
|
||||
|
||||
Quote:
In the decade and a half since the external code flag was created it has become much more common to link to safe, reliable, libraries hosted by sites like Google. vBulletin does this too, but as an option. No one has to to make external calls to Google to use vBulletin, but it's smart to do so. Whether a call to external jquery raises to the level of needing to click the external content flag is a debate for site moderators, I can see good points for both sides. |
Благодарность от: | ||
X-or |
#8
|
||||
|
||||
This was already discussed prior in the thread and Joe even commented back then on it as well, reference: https://vbulletin.org/forum/showpost...&postcount=244
So it's use at your own risk as Joe mentioned, furthermore you can simply edit out the parts of the mod containing that code before you install on your site. |
Благодарность от: | ||
MarkFL |
#9
|
|||
|
|||
I checked the code and couldn't find the SQL injection backdoor, the email address gathering script is in there though but it doesn't do anything since the site it sends requests to is no longer online.
|
#10
|
|||
|
|||
Quote:
|
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|