The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#11
|
||||
|
||||
Quote:
Sorry for the loss |
#12
|
|||
|
|||
THERE IS A HOLE IN Latest Version: 3.6.7 PL1 ALSO!!! THEY CAN LOGIN AS ADMIN!!! MAN VBULLETIN HELP
someone logged in as admin, has changed the password and turned the forum off. He placed his url so he gets the hits. This is SAD! Yet again another hole in VBULLETIN! |
#13
|
||||
|
||||
I would say not. Disable all your hacks and change FTP, cPanel, and MySQL passwords.
|
#14
|
||||
|
||||
Quote:
You have not offered any proof that any of the exploits of your server were via vbulletin, you've just conviently decided that a previously unknown XSS in in the events area was used, which is actually highly unlikely. It helps to actually have evidence before making wild accusations. |
#15
|
|||
|
|||
Lol Man I was right before and I am right again. Give it another 24 hours, VB will announce a new version cause another security issue!
This time this exploit works like this: They can login as admin, turn off forum and redirect to another site. This is a brand new exploit and hasn't been a security fix for it yet! |
#16
|
||||
|
||||
Quote:
[high]* Shazz looks into vbulletin.com[/high] |
#17
|
|||
|
|||
*sees patch for 3.6.7...
...oh bugger... |
#18
|
|||
|
|||
I already have: vb 3.6.7 PL 1 and I got exploited L.O.L
I did a full upgrade. the guy keeps doing it. |
#19
|
||||
|
||||
Quote:
Quote:
|
#20
|
||||
|
||||
once you've been compromised you need to change all your admin and system (e.g. database, shell, etc) passwords.
there's a fair chance that your forum got compromised because of a weak admin password, otherwise there would be much more reported compromises. all versions prior to 3.6.7 were exploitable, not just 3.6.6 |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|