The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Need Help about hacking
Hello all i have a problem today i got so many email about database errors
i think someone try to hack but fail not complete sure i got this emails Code:
Database error in vBulletin 4.2.0: Invalid SQL: SELECT post.postid, post.threadid, post.visible, post.title, post.userid, thread.forumid, thread.title AS thread_title, thread.postuserid, thread.visible AS thread_visible, thread.firstpostid FROM post AS post LEFT JOIN thread AS thread USING (threadid) WHERE postid IN (1) AND 81 44 AND (7397=7397); MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '44 AND (7397=7397)' at line 5 Error Number : 1064 Request Date : Monday, July 18th 2016 @ 07:03:58 PM Error Date : Monday, July 18th 2016 @ 07:03:58 PM Script : http://www.XXXXXX.com/forumrunner/request.php Referrer : IP Address : 18*.6*.1**.**9 Username : Unregistered Classname : **_******_MySQLi MySQL Version : Code:
Database error in vBulletin 4.2.0: Invalid SQL: SELECT post.postid, post.threadid, post.visible, post.title, post.userid, thread.forumid, thread.title AS thread_title, thread.postuserid, thread.visible AS thread_visible, thread.firstpostid FROM post AS post LEFT JOIN thread AS thread USING (threadid) WHERE postid IN (1) AND (SELECT CHAR(122)||CHAR(107)||CHAR(75)||CHAR(66) FROM INFORMATION_SCHEMA.SYSTEM_USERS)=CHAR(122)||CHAR(107)||CHAR(75)||CHAR(66) AND (7852=7852); MySQL Error : Unknown table 'SYSTEM_USERS' in information_schema Error Number : 1109 Request Date : Monday, July 18th 2016 @ 07:04:18 PM Error Date : Monday, July 18th 2016 @ 07:04:19 PM Script : http://www.XXXXX.com/forumrunner/request.php Referrer : IP Address : 18*.6*.1**.**9 Username : Unregistered Classname : **_******_MySQLi MySQL Version : Code:
Database error in vBulletin 4.2.0: Invalid SQL: SELECT post.postid, post.threadid, post.visible, post.title, post.userid, thread.forumid, thread.title AS thread_title, thread.postuserid, thread.visible AS thread_visible, thread.firstpostid FROM post AS post LEFT JOIN thread AS thread USING (threadid) WHERE postid IN (1) AND (SELECT CHAR(122)||CHAR(107)||CHAR(75)||CHAR(66) FROM INFORMATION_SCHEMA.SYSTEM_USERS)=CHAR(122)||CHAR(107)||CHAR(75)||CHAR(66) AND (7852=7852); MySQL Error : Unknown table 'SYSTEM_USERS' in information_schema Error Number : 1109 Request Date : Monday, July 18th 2016 @ 07:04:18 PM Error Date : Monday, July 18th 2016 @ 07:04:19 PM Script : http://www.XXXXXX.com/forumrunner/request.php Referrer : IP Address : 18*.6*.1**.**9 Username : Unregistered Classname : **_******_MySQLi MySQL Version : Some one try to hack me ? Someone got my database ? any help |
#2
|
||||
|
||||
You had better update and patch ASAP: http://www.vbulletin.com/forum/forum...or-vbulletin-4
|
#3
|
||||
|
||||
Check for a new plugin added named "vbulletin" in the hook location "init_startup" containing a load of base64 encoded stuff, if it's there you have been hacked and you should disable/remove it and have a check for any files uploaded to your forum (left menu -> maintenance -> diagnostics -> suspect file versions)
|
Благодарность от: | ||
grey_goose |
#4
|
|||
|
|||
how i check in "vbulletin" in the hook location "init_startup" containing a load of base64 encoded stuff ???
|
#5
|
||||
|
||||
From the admincp go to plugin manager in the left column then check for a product titled "vbulletin" that has the hook location "init_startup", click edit and if in contains the word base64 and a load of random text then you need to disable it.
|
#8
|
||||
|
||||
Disabling Forumrunner will have no effect on the issue, you must either patch it, or remove it.
|
4 благодарности(ей) от: | ||
alcazarx, Lynne, MarkFL, RichieBoy67 |
#9
|
||||
|
||||
Quote:
What some have been doing is injecting their base64 code at the very bottom (scroll to find, they add tons of white space so you won't notice right off the bat unless you scroll down, i.e. if a scrollbar exist when viewing via phpmyadmin, scroll scroll scroll ) and more so we see this with myfilestore than any other type of exploit (also if you're dealing with that in particular, myfilestore redirect then also check the file datastore_cache.php which is located in /includes/datastore/ for any mal code). |
3 благодарности(ей) от: | ||
grey_goose, MarkFL, RichieBoy67 |
#10
|
||||
|
||||
There is a good chance that debase64 code was already added to all of the files as well at this point.
--------------- Added [DATE]1468970657[/DATE] at [TIME]1468970657[/TIME] --------------- Yes, correct. Thank you Paul for the correction. :up: That is why you get the big bucks! |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|