The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
||||
|
||||
Warning to FlashChat users - security hole
GET /chat/inc/cmses/aedatingCMS.php?<exploit data>
Warning to users who use FlashChat - this script was just used to add an exploit script to my server. |
#2
|
||||
|
||||
Please don't post full exploits where everyone can see them (and then go try them ....).
Anyone with Flashchat integrated with their VB should remove all the files from /chat/inc/cmses/ except the vbulletin##CMS.php file they are using (where ## is either 30, 35 or 36) as they are not used. |
#3
|
|||
|
|||
If you have already been 'hacked' into via this hole. Then do you need to do anything addtionally to resolve it ?
|
#4
|
||||
|
||||
thank you for information MPDev
|
#5
|
||||
|
||||
Quote:
Thanks Paul for this! I removed all files but the 30, 35, and 36 because I just wasn't sure which one I needed :surprised: |
#6
|
|||
|
|||
FLMom
which version of vBulletin do you use? I'd assume 30 is for the 3.0.x series, 35 is for 3.5.x and 36 is for vBulletin 3.6 Hope that helps, and glad i dont have this anymore |
#7
|
||||
|
||||
Thanks for the heads up. I'm a nut about space, so these already didn't exist, but it's still great to know.
|
#8
|
|||
|
|||
Cheers peeps...issues pre-resolved
|
#9
|
||||
|
||||
Quote:
Line 55 in my file Code:
//your CMS system 'CMSsystem' => 'vbulletinXXCMS',// defaultCMS - default CMS, blank - stateless CMS |
#10
|
|||
|
|||
Thanks for posting the fix, Paul.
Rebecca |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|