  #1  
Old 01-24-2016, 12:13 PM
indispensable indispensable is offline
 
Join Date: Jul 2013
Posts: 3
Hacking attempt from user EvoDarrenshan

Subject: Hacking attempt from user EvoDarrenshan

Detail: I am not sure whom to report this to, but user EvoDarrenshan posted a paid request here on vbulletin.org, and in response to that I showed him a demo and this whole incident happened.

I showed a demo of the completed bitpay plugin and gave admincp access to check it, but instead of checking, the user tried to use a vbulletin exploit and uploaded 1 file and then several others to hack:
1) newpost.php
2) logins.php
3) ms/index.php
4) ms/install.php
5) ms/dump_db.php


He used those files in an attempt to gain access to files/plugins/settings etc., in an attempt to steal the products. I have full access details logged in my server log and can provide them on request as proof.

=================================
How did he write those files on the server?

"bbclosedreason"

I had given restricted admincp access, and he updated the varname = "bbclosedreason" ... and eventually after that "newpost.php" was created in the vb root, thus there may be some vulnerability in the settings save (some more to investigate).
=================================

IP addresses involved:

User-Agents involved:

Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Mozilla/5.0 (Windows NT 6.1; WOW64) SkypeUriPreview Preview/0.5
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/7.1.4 Safari/537.85.13
Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36



So I request the vbulletin admin to ban/remove this user from vbulletin.org and delete his posts, as he may cheat and scam other people too, using your site "vbulletin.org" by posting project requests and so on. Further, I have notified the cyber cell with full details so as to take legal action, and since that user is from Birkenhead, UK ... it may take some time to send him behind bars.


Thanks.
Attached Files
File Type: php logins.php (31.4 KB, 11 views)
File Type: php newpost.php (66.7 KB, 7 views)
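
A defender-side check for the sequence described in the post above (a settings save followed by new PHP files appearing in the forum root), added here as an example and not part of the original thread: it flags PHP paths requested for the first time shortly after the same client POSTs to the settings page. The log lines are constructed, and the combined log format, the `/admincp/options.php` save endpoint and the 30-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Apache combined log format (documentation IPs, not from the thread).
SAMPLE_LOG = """\
192.0.2.10 - - [24/Jan/2016:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "UA"
192.0.2.10 - - [24/Jan/2016:10:02:00 +0000] "GET /showthread.php?t=1 HTTP/1.1" 200 7000 "-" "UA"
198.51.100.7 - - [24/Jan/2016:10:05:10 +0000] "POST /admincp/options.php?do=dooptions HTTP/1.1" 200 900 "-" "UA"
198.51.100.7 - - [24/Jan/2016:10:05:40 +0000] "GET /newpost.php HTTP/1.1" 200 300 "-" "UA"
198.51.100.7 - - [24/Jan/2016:10:07:15 +0000] "POST /ms/install.php HTTP/1.1" 200 1200 "-" "UA"
192.0.2.10 - - [24/Jan/2016:10:09:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "UA"
198.51.100.7 - - [24/Jan/2016:11:30:00 +0000] "GET /ms/dump_db.php HTTP/1.1" 200 88000 "-" "UA"
"""

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
SAVE_PATH = "/admincp/options.php"  # assumed settings-save endpoint, adjust to your install


def parse(log_text):
    """Yield (ip, time, method, path without query string, status) per valid line."""
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, method, url, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        yield ip, when, method, url.split("?", 1)[0], int(status)


def new_scripts_after_save(log_text, window=timedelta(minutes=30)):
    """Return (ip, path, seconds since save) for PHP paths first seen, with a
    200 response, within `window` of a settings-save POST from the same IP."""
    seen, last_save, hits = set(), {}, []
    for ip, when, method, path, status in parse(log_text):
        if method == "POST" and path == SAVE_PATH:
            last_save[ip] = when
        first_seen = path not in seen
        seen.add(path)
        if path.endswith(".php") and first_seen and status == 200 and path != SAVE_PATH:
            saved = last_save.get(ip)
            if saved and when - saved <= window:
                hits.append((ip, path, int((when - saved).total_seconds())))
    return hits


if __name__ == "__main__":
    for hit in new_scripts_after_save(SAMPLE_LOG):
        print(hit)
```

Feeding older logs in front of the period under review gives the first-seen check a baseline of legitimate scripts, so only paths that are new to the site are reported.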
  #2  
Old 01-24-2016, 12:18 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583

Thanks for the heads up. :up:
  #3  
Old 01-25-2016, 12:31 PM
socialteenz socialteenz is offline
 
Join Date: May 2011
Posts: 465

Very good job
  #4  
Old 01-25-2016, 09:37 PM
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844

Neither vBulletin.org nor its staff takes sides or actions in disputes resulting from paid requests; we simply can't, based on a number of factors. I will say that in my personal opinion, however, this seems very weird/odd/suspicious based on the statement provided and the fact actual proof might exist, yet I cannot confirm nor deny any of this is true, therefore neither should any of you respectively.

Closed until a senior staff member has time to review.

Edit: This has been reviewed by senior staff and as per all other disputes there is nothing we can do, we will not take sides nor can we - ever as we would then be siding with one or the other and we shouldn't! It's simply... how is it they put it - "How the cookie crumbles" so be sure to protect yourself when hiring someone to do a paid request OR when providing services or mods to those requesting paid services or mods respectively.