vbportal?
• Originally posted by centris:
    I could have sworn that vbportal was running 3.5.4,
  it does

  Originally posted by centris:
    from the zone-h image I noticed it said 3.0.9
  that was vbportal.org, a vbportal test site

• Thanks for clearing that up, I thought old age was catching up on me LOL


• Originally posted by centris:
    Thanks for clearing that up, I thought old age was catching up on me LOL
  Happens to us all mate cheers


• Originally posted by centris:
    Ang

    Before you were hacked, had you applied the updated scripts that were available from vbportal prior to it going down again???
  I didn't know there was a patch...
  Is the patch still available for download?
  www.poolfanatic.com
  ~ the catalyst in pool

  Ang


• Well vbportals is still down so the short answer right now is no, but there were update scripts available at vbportals site.


• Actually, I just went there and it is up, and the files are posted.

  Look for the thread titled security audit. You will find the files in the first post.
  Just another squirrel trying to get a nut

  allthingsmoto.com, bodynspirit.net, & payinitoff.com


• A heads-up to vbportal users: http://www.securityfocus.com/bid/19257


• What concerns me most about this is whether the hackers now have a nice list of sites to hack since our licensed URL was contained in our profiles at vbportal.

  Since the exploit code is available and no updates appear to be coming from vbportal, can we potentially figure out some defensive strategies on our own? Have any PHP gurus had a look at the exploit code to try to understand the vulnerability? I'm a programmer, but don't know PHP well at all, so I find the exploit more than a little obtuse.

  Are there any ideas as to how the code is getting put onto the server? Are they capturing cookies through an XSS hole so they can hijack the admin account, or is there somewhere in the vbportal UI that will execute uploaded code? Any ideas? I would rather work towards a solution than just wait like a sitting duck.


• I am still not convinced that this is solely a vbportal issue, I also read of a vbulletin XSS hack that was only a week or so since the notice was posted. The vbportal forums are online if you click the link, also an update that they are working on it.


• Originally posted by centris:
    I am still not convinced that this is solely a vbportal issue, I also read of a vbulletin XSS hack that was only a week or so since the notice was posted. The vbportal forums are online if you click the link, also an update that they are working on it.
  Yes, there are patches online at phpportals and we just had the vBulletin user table zapped again. vbPortal is offline, scripts were deleted and they still got in despite that. These people must have a grudge with us to sit there and continually do this.

  Anyway the site is up and the patches are available, we are continuing our audit of the scripts and will keep all posted.


• Originally posted by centris:
    I am still not convinced that this is solely a vbportal issue
  At this point everything is just speculation, other than the facts that it is happening and there is currently no fix. My point was simply to stimulate some investigation among the user base rather than just sitting, waiting, and speculating.


•   I also read of a vbulletin XSS hack
  Send me a private message with the URL please - and I will have a look.


• Originally posted by wajones:
    we just had the vBulletin user table zapped again.
  So they must now have a list of all the licensed sites, since that was a profile field?

  Perhaps you should remove any profile fields that contain site identifiers before loading up the user db again?


• But are we sure this is a vbportal exploit and not a www service exploit or something else?

  I mean, perhaps you're looking at the wrong place.


• Originally posted by Floris:
    Send me a private message with the url please - and I will have a look.
  Done, though I would be interested in what you get when you click the link to view.
