vBulletin Bug / Exploit

**stryka** · Tue 29 Jan '08, 12:44pm

are you sure you mean Beta 3? Cuz Beta 4 is out... or maybe the exploit exists in both... oh well... it is a Beta product... if this is a valid issue then they will patch it up quickly...

**boogie box high** · Tue 29 Jan '08, 1:16pm

interesting, hacked vb3.7. beta 3 running vb3.6.8? lol.

mmoccforum.com:

tell me, how they could hack beta3 if this mmm forum is running vb3.6.8.?

spam.

**Jobe1986** · Tue 29 Jan '08, 1:23pm

Originally posted by boogie box high

interesting, hacked vb3.7. beta 3 running vb3.6.8? lol.

mmoccforum.com:

tell me, how they could hack beta3 if this mmm forum is running vb3.6.8.?

spam.

They had a message up a lil while ago saying they had to revert to a previous backup BECAUSE they were hacked.

**Onimua** · Tue 29 Jan '08, 1:37pm

There's not enough information there. Was there any modifications installed? Was there an easy-to-guess password set? Was there any other applications (not necessarily installed to vBulletin) that could've been exploited?

**ManagerJosh** · Tue 29 Jan '08, 6:22pm

I too am raising my eyebrow at this. I have my doubts at the validity since I've yet to be a victim of such an attack.

**Cen** · Tue 29 Jan '08, 9:58pm

This website that is apparently "hacking" websites is doing it locally, websites that are related to Habbo Hotel such as Ragezone, MMOCCForum and HabboHotel fansites themselves.

Indeed MMOCCF downgraded to up their security, unfortunately there is not enough information provided but i will keep you all updated with the situation.

**Danieldude** · Tue 29 Jan '08, 10:01pm

I can confirm that MMOCCForum was always running vbulletin 3.6.8, never 3.7 (I'm an administrator over at those parts).

Similarly, websites such as habbohut.com have had the same problems earlier this month.

**Onimua** · Tue 29 Jan '08, 10:45pm

That's still not giving the details about what was installed onto the site, and if there was any modifications, easy to guess passwords, other possible vulnerable applications, etcetera.

It's that key information that is vital in telling whether or not it is vBulletin with the security flaw (doubtful but possible) or not.

**Danieldude** · Tue 29 Jan '08, 11:17pm

Originally posted by Onimua

That's still not giving the details about what was installed onto the site, and if there was any modifications, easy to guess passwords, other possible vulnerable applications, etcetera.

It's that key information that is vital in telling whether or not it is vBulletin with the security flaw (doubtful but possible) or not.

No, nothing was accessed through the admincp. I was informed that it was an sql injection.

Regardless, I messaged vbulletin support with additional information on the matter.

**Jobe1986** · Tue 29 Jan '08, 11:28pm

Originally posted by Danieldude

No, nothing was accessed through the admincp. I was informed that it was an sql injection.

His point was that sql injection requires vunerable code. And vBulletin have a history of NOT having sql inject vunerable code, leaving only yhte option of a vBulletin mod that does have sql inject vunerable code.

**Trevor Hannant** · Tue 29 Jan '08, 11:33pm

Can't recall anyone posting here about being hacked due to an exploit in vB code directly - all seem to have been running add-ons/plugins/mods which have cuased the problem.

As someone who suffered an attack in the past, it was caused by FlashChat which was tied in to my boards, not the board software itself.

**Wayne Luke** · Wed 30 Jan '08, 4:31am

Originally posted by Jobe1986

They had a message up a lil while ago saying they had to revert to a previous backup BECAUSE they were hacked.

The site in question did not even download vBulletin 3.7.0 beta 3 and only downloaded beta 4 yesterday.

If there was such an easily accessible exploit, don't you think someone would have attacked this site? We get hit with DDOS attacks a couple times a year so it isn't like people aren't afraid to test our resources.

Everyone should follow these steps:

How To Make My Forums More Secure - vBulletin Community Forum

http://www.vbulletin.com/forum/showthread.php?t=194701

**Jobe1986** · Wed 30 Jan '08, 9:24am

Originally posted by Wayne Luke

The site in question did not even download vBulletin 3.7.0 beta 3 and only downloaded beta 4 yesterday.

That was just how I interpreted the message they had on display when I visited their site. Sorry.

**Cen** · Wed 30 Jan '08, 10:02am

Hi,

Sorry that the version was incorrect, i couldn't find the current version on show and from what i recall MMOCCF upgraded versions a few weeks ago but must have downgraded due to incompatibility with the skins etc etc.

Im not sure what addons MMOCCF actually run, if Daniel can actually post a list that would be great.

Cheers,
Dan

vBulletin Bug / Exploit

vBulletin Bug / Exploit

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment