suspicious plugin?

[X-or]

https://vborg.vbsupport.ru/showthread.php?t=324918

Can someone audit this plugin for potential malicious code?
The nonsensical results of the plugin and the apathy of the author are worrying me a lot.
Here's a mirror : https://www.sendspace.com/file/05icvb

[Dave]

It seems fine to me at first sight, what makes you think it could contain malware?

[X-or]

First the product shows nonsensical results which were reported, but the author didn't react.
Secondly the product definitely uses external content and the author didn't put the proper warning, for example in admincp/slowplugins.php

line 15 : <script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>

I have recently received an email on a mail address I have never use besides receiving notification from my vbulletin, I'm trying to find where is the backdoor and this one product seems to be the most suspicious of all, it has left tons of data in the sql database even after uninstall.

I think the code of this product should definitely be audited.

[In Omnibus]

Quote:

Originally Posted by X-or

First the product shows nonsensical results which were reported, but the author didn't react.
Secondly the product definitely uses external content and the author didn't put the proper warning, for example in admincp/slowplugins.php

line 15 : <script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>

I have recently received an email on a mail address I have never use besides receiving notification from my vbulletin, I'm trying to find where is the backdoor and this one product seems to be the most suspicious of all, it has left tons of data in the sql database even after uninstall.

I think the code of this product should definitely be audited.

Jquery isn't malicious code. Virtually every software program uses it. Hell, vBulletin uses it.

[vBNinja]

Not sure if trolling... jQuery loaded from google’s cdn is maclicious code? I don’t even understand what exactly you claim to be malicious.

Also, why are you posting a mirror of it? It can be downloaded directly from the thread as it was posted.

What if your computer has malware and it infected the files you re-uploaded (without permission either)?

No one else has reported “malicious code” in it..

If you don’t like the product, simply uninstall it.

[Stingray27]

Quote:

Originally Posted by X-or

Can someone audit this plugin for potential malicious code?
The nonsensical results of the plugin and the apathy of the author are worrying me a lot.

I think you worry too much. :erm:
There is nothing malicious about jQuery :down:

What do you mean by "apathy of the author"
There are no rules that say authors have to respond within a certain time (or at all).

If the results are nonsensical to you then just dont use it. Problem solved.

[BirdOPrey5]

Quote:

Originally Posted by X-or

First the product shows nonsensical results which were reported, but the author didn't react.
Secondly the product definitely uses external content and the author didn't put the proper warning, for example in admincp/slowplugins.php

line 15 : <script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>

I have recently received an email on a mail address I have never use besides receiving notification from my vbulletin, I'm trying to find where is the backdoor and this one product seems to be the most suspicious of all, it has left tons of data in the sql database even after uninstall.

I think the code of this product should definitely be audited.

X-or never said that jquery was malicious, he said the call to jquery is use of external content, which it technically is. However when the flag for "Uses external content" was created (over a decade ago, probably closer to 15 years) it was intended to for mods that used code presumably hosted by the mod creator, not necessarily open, public, and used all over the web.

In the decade and a half since the external code flag was created it has become much more common to link to safe, reliable, libraries hosted by sites like Google.

vBulletin does this too, but as an option. No one has to to make external calls to Google to use vBulletin, but it's smart to do so.

Whether a call to external jquery raises to the level of needing to click the external content flag is a debate for site moderators, I can see good points for both sides.

[TheLastSuperman]

This was already discussed prior in the thread and Joe even commented back then on it as well, reference: https://vbulletin.org/forum/showpost...&postcount=244

So it's use at your own risk as Joe mentioned, furthermore you can simply edit out the parts of the mod containing that code before you install on your site.

[Dave]

I checked the code and couldn't find the SQL injection backdoor, the email address gathering script is in there though but it doesn't do anything since the site it sends requests to is no longer online.

[IggyP]

Quote:

Originally Posted by TheLastSuperman

This was already discussed prior in the thread and Joe even commented back then on it as well, reference: https://vbulletin.org/forum/showpost...&postcount=244

So it's use at your own risk as Joe mentioned, furthermore you can simply edit out the parts of the mod containing that code before you install on your site.

hmm this is a different mod than the OP linked...fwiw...