Security problem on vB 2.3.0
by ManuYamin, 08-03-2003

Hi,

We have purchased vBulletin (we are actually under version 2.3.0) but now we have got a very critical problem: someone (a hacker, I think) is now able to access our customers' accounts and can change their signature, email, etc.

Do you know this problem, and do you have a patch which can solve it?

Thanks


Comments
#2 seppl, 08-03-2003, 10:27 AM

Hi

Do you really think that the "hacker" has hacked your vB via an exploit? I think an admin has a simply guessable password ...

cu

#3 Erwin, 08-03-2003, 10:35 AM

vB 2.3.0 has no security issues that are known.

#4 ManuYamin, 08-03-2003, 12:45 PM

OK, my administrative password is pretty hard to guess (letters + numbers + extra characters).

Do you have any idea how a hacker can access my users' data?

#5 ManuYamin, 08-03-2003, 12:46 PM

I've heard about Flash code that allows reading a user's cookie; do you know this problem?

#6 ManuYamin, 08-03-2003, 12:53 PM

In fact, this "hacker" changes the user's signature and writes some defamatory posts.

After that, he changes the user's email address and password, so the user cannot reconnect and is marked as "user awaiting email notification".

Excuse me for my poor English (I'm French).

#7 NTLDR, 08-03-2003, 01:04 PM

It's more than likely that the "hacker" has just obtained the user's password, without any real hacking. Make sure you have HTML turned off everywhere (Sigs, PM and Posts). If you have an IP for them, then report them to their ISP.

#8 ManuYamin, 08-03-2003, 01:14 PM

OK, thanks, I will turn off HTML.
All times are GMT.