Exploit in vbulletin!!! Urgent!!!

  • franzes80
    New Member
    • Nov 2012
    • 19
    • 4.2.X

    Hi, I am your member and would like to report a website hacker who found an exploit on vBulletin. Please report it to technical support. It's urgent.

    vBulletin 3.x/4.x/5.x (product => quick_replay) remote SQL Injection PHP exploit
    The exploit fetches sensitive information from the target; this blind injection is present in a module that about 130 pages in Google of vulnerable sites use.
    This is a very hacking site. Please close this site.
    Report it to technical support. It's urgent!!!
    Last edited by Wayne Luke; Sat 1 Dec '12, 8:25am.
  • Zachery
    Former vBulletin Support
    • Jul 2002
    • 59097

    #2
    We've been made aware of the exploit; at this time the person who created the exploit is charging close to 1000 dollars for it. Without any POC or affected sites to check, there is nothing we can do at this time.

    If anyone has any additional information about the exploit, its POC, or how to patch it, we'll gladly take their information to patch the software.

    • niceguy2010
      Member
      • Jan 2006
      • 43
      • 3.0.7

      #3
      I think they have it on sale for $400.


      People need to check their error logs.

      • trigatch4
        New Member
        • Sep 2008
        • 11
        • 3.7.x

        #4
        Ummmm... whether it's $400 or $1000, wouldn't it make sense for vBulletin to buy it, identify the exploit, and patch it rather than wait for all your customers to get hacked and then react? Surprised a company as large as IB would even comment on the fact that it costs $1000 so you can't do anything right now. In my opinion, that seems somewhat irresponsible, especially when it amounts to the price of a few 1-year vBulletin licenses.

        Anyone else agree?

        *sigh*

        • In Omnibus
          Senior Member
          • Apr 2010
          • 2310

          #5
          No, I don't agree. Nobody with any business sense would agree to be extorted to answer a question which will eventually be answered in any case.

          • smirkley
            Senior Member
            • Feb 2008
            • 525
            • 4.0.0

            #6
            Trust me... vB will find and fix the exploit.

            $1k is not much to spend for protecting their premier product line.

            Probably already done with a patch being built as I type.

            Bet on it.

            • miner
              Senior Member
              • Jun 2005
              • 263
              • 4.2.X

              #7
              Sure, vB.com will release a patch soon! Why should we spend extra money to safeguard our site? It's not a free script anyway.

              • Wayne Luke
                vBulletin Technical Support Lead
                • Aug 2000
                • 73976

                #8
                We'll investigate, but we'll not stoop to paying blackmail. Any such costs of the blackmail will almost always be passed on to the customer.

                However, we are looking into the allegations and so far we haven't found anything viable. If we do, we will let you know.
                Translations provided by Google.

                Wayne Luke
                The Rabid Badger - a vBulletin Cloud demonstration site.
                vBulletin 5 API

                • Wayne Luke
                  vBulletin Technical Support Lead
                  • Aug 2000
                  • 73976

                  #9
                  Someone forwarded the code from the first exploit and it does not work on a default installation of vBulletin 3 or 4. vBulletin 5 does not have a showthread.php file which is what the exploit reportedly gains access through.
                  • niceguy2010
                    Member
                    • Jan 2006
                    • 43
                    • 3.0.7

                    #10
                    Originally posted by Wayne Luke
                    We'll investigate, but we'll not stoop to paying blackmail. Any such costs of the blackmail will almost always be passed on to the customer.
                    At first I was worried about my production sites going offline. Now I have to worry about costs being forwarded to me, the customer.

                    lol

                    You don't disappoint me often vBulletin, but I applaud you for this response.

                    • trackpads
                      Senior Member
                      • Aug 2003
                      • 486

                      #11
                      Originally posted by niceguy2010
                      At first I was worried about my production sites going offline. Now I have to worry about costs being forwarded to me, the customer.

                      lol

                      You don't disappoint me often vBulletin, but I applaud you for this response.
                      Why pay when there is no proof that this is real? You are trusting some moron on the internet who 'claims' to have hacked VB. Why on earth would someone pony up the cash to 'see' if it is for real? I could create screenshots just like those in Photoshop in 10 minutes.

                      I suddenly have an idea for extra Christmas money.... Be back in 10 minutes!

                      -Jason

                      • Warbirdz
                        New Member
                        • May 2007
                        • 12
                        • 3.6.x

                        #12
                        Well, my vBulletin site got hacked today. I'm no expert, but they seemed to have changed something in the js folder. I replaced that, and a few other folders as well as all the vBulletin files, and it's back online. I'm upgrading to V5.0.

                        • betterthanyours
                          Senior Member
                          • May 2012
                          • 110

                          #13
                          Upgrading to vB5 won't necessarily resolve your issue. You might want to check access and error logs.
                          http://www.unrealkillers.com | unrealtournament 1999 | siege | combogib | bunnytrack | instagib ctf

                          • Mark.B
                            vBulletin Support
                            • Feb 2004
                            • 24286
                            • 6.0.X

                            #14
                            Originally posted by Warbirdz
                            Well, my vBulletin site got hacked today. I'm no expert, but they seemed to have changed something in the js folder. I replaced that, and a few other folders as well as all the vBulletin files, and it's back online. I'm upgrading to V5.0.
                            There are no known exploits in vBulletin 4.2.0 or 4.1.12, and upgrading a production site to vB5 is not advisable as it is in beta.

                            Please review THIS thread for advice on securing your installation, and check your access logs for any suspect activity. You need to establish how the attacker gained access; it will almost certainly have been either via a modification, via the server, or via weak passwords.

                            If you need further assistance please start your own thread with full details of the problem.
                            MARK.B
                            vBulletin Support
                            ------------
                            My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
                            My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

                            • Zachery
                              Former vBulletin Support
                              • Jul 2002
                              • 59097

                              #15
                              We've received a copy of one of the supposed "exploits"; it doesn't do anything. Looks like a fishing scam for money.
