Exploit to Gather Administrator Password


  • [Forum] Exploit to Gather Administrator Password

    It looks like there is an exploit for gaining administrator passwords for vBulletin 4.0.0 - 4.1.3.

    Unfortunately, our site at Spoofee.com has been a victim and the hacker spammed all our users today.

    Is there a fix for this? Would updating to 4.1.4 beta fix the issue?

    http://webcache.googleusercontent.co...www.google.com

    http://webcache.googleusercontent.co...www.google.com

  • #2
    I cannot believe people are allowed to host such websites, this should be classed as terrorism.



    • #3
      @acwatts
      Unfortunately, there's no law against noobism.

      I'm pretty sure those threads are about this exploit:
      Last edited by Trevor Hannant; Mon 30 May '11, 5:26am. Reason: Link removed



      • #4
        Is this issue fixed on the latest release? Looks like it could be this one?
        http://www.vbulletin.com/forum/showt...Security-Patch



        • #5
          There is no known security issue with 4.1.3 that would cause this.

          Please see this thread on how to make your vBulletin more secure:

          http://www.vbulletin.com/go/secure
          Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
          Change CKEditor Colors to Match Style (for 4.1.4 and above)

          Steve Machol Photography


          Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.




          • #6
            Yeah, pay $15 for something that is not possible and get ripped off. MD5 hashes are impossible to decrypt... unless maybe with some super-strong computer and year(s) of patience. The posters who say he is legit are probably the same guy under another account.



            • #7
              might be....
              vBulletin Hosting - Building my Automotive Forum Network...
              vBulletin FAQ - Lincoln vs Cadillac - Mopar Forum - Car Audio Forum - E Body Mopar Forum - B Body Mopar Forum
              Pick Up Truck Forum - C Body Mopar Forum - FMJ Body Mopar Forum - Willys and Jeep Forum



              • #8
                The fact is, someone hacked our site and got the administrator password on my vBulletin 4.1.2. The password was totally random with capitals, special characters and numbers so it was not brute force.



                • #9
                  4.1.2 or 4.1.2sp1? There was a problem with 4.1.2 that might be exploitable that way, however that was fixed in 4.1.3 (and with patch releases for previous versions).
                  Kevin



                  • #10
                    Originally posted by acwatts
                    I cannot believe people are allowed to host such websites, this should be classed as terrorism.
                    It's a site for game cheats, how exactly is that like terrorism..lmao?

                    Maybe I'm missing the real reason for the site

                    oh, maybe you're talking about the hacking site?

                    still not the same as terrorism
                    -- Web Developer for hire
                    ---Online Marketing Tools and Articles



                    • #11
                      Originally posted by Loco.M
                      It's a site for game cheats, how exactly is that like terrorism..lmao?

                      Maybe I'm missing the real reason for the site

                      oh, maybe you're talking about the hacking site?

                      still not the same as terrorism
                      Read what I wrote: "it should be classed as terrorism". At the end of the day it's electronic terrorism. They do nothing but disrupt and cause financial loss to people's lives.



                      • #12
                        Originally posted by acwatts
                        Read what I wrote: "it should be classed as terrorism". At the end of the day it's electronic terrorism. They do nothing but disrupt and cause financial loss to people's lives.
                        Fun terrorist!



                        • #13
                          Originally posted by ChemicalKicks
                          Fun terrorist!
                          You would not call it that if someone hacked your bank and stole your money?



                          • #14
                            Originally posted by acwatts
                            Read what I wrote: "it should be classed as terrorism". At the end of the day it's electronic terrorism. They do nothing but disrupt and cause financial loss to people's lives.
                            I did read what you said, now I'll quote my post so you can re-read it as well

                            oh, maybe you're talking about the hacking site?

                            still not the same as terrorism
                            -- Web Developer for hire
                            ---Online Marketing Tools and Articles



                            • #15
                              Originally posted by Loco.M
                              I did read what you said, now I'll quote my post so you can re-read it as well
                              If hacking is not a problem or terrorism, why did the US go after those who hacked into the Pentagon/NASA? They were only having a bit of fun, hey.

