Questions about security bug

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Questions about security bug

    Hello,

    Our website was also infected in the last days by attackers.

    I would like to know if this exploit allowed hackers to read files (for example, the config file where the database password is stored), in order to know if they could get credentials for the database. Of course, our database server is not accessible from outside the server, but anyway... I also would like to know if they could have made some SQL injection, in order to know if I should check the database or restore a previous backup.

    Thank you very much.

  • #2
    You should assume that they could. We don't know what they did to your specific server and it isn't one person exploiting the issue the patch fixes.


    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API - Full / Mobile
    Vote for your favorite feature requests and the bugs you want to see fixed.


    • #3
      Originally posted by Ralffan
      I also would like to know if they could have made some SQL injection, in order to know if I should check the database or restore a previous backup.
      With this exploit they (hackers) don't even need to use SQL injections. With this exploit, they have shell access. They can simply read out config.php using basic Linux commands to see your database credentials, then connect to your database internally via that same shell, perform a SQL dump and steal or modify the database. SQL injections are not even close to the severity of this exploit.



      • #4
        Originally posted by LBS
        With this exploit they (hackers) don't even need to use SQL injections. With this exploit, they have shell access. They can simply read out config.php using basic Linux commands to see your database credentials, then connect to your database internally via that same shell, perform a SQL dump and steal or modify the database. SQL injections are not even close to the severity of this exploit.
        I use Windows but I guess it's the same. Is it also possible for attackers to gain access to other directories or only the web directory?



        • #5
          Originally posted by Ralffan
          I use Windows but I guess it's the same. Is it also possible for attackers to gain access to other directories or only the web directory?
          It really depends on the exploit they used and how you have your machines configured. If your web sites run in a Virtual Machine, they could get access to that Virtual Machine but not the machine as a whole. Again depending on how things are configured. If your IIS User has limited access to the machine, they could possibly access whatever that user can. If they can take advantage of other processes from the command line, then they can access the entire machine.

          The issue in vBulletin is a vector that allowed access. The patch closes that vector. What they did with that access depends on your server configuration and isolation.

          Wayne Luke
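
As an added example (not part of any post in this thread, and not vBulletin code): post #5's point that an attacker can reach whatever the IIS user can reach is something you can check by listing the directories where that account, or a group it belongs to, holds write rights. `$Root` and the entries in `$Identities` are assumed values to replace with your own site path and worker identity; Deny entries and nested group membership are not evaluated.

```powershell
# Added example, not from the thread. $Root and $Identities are assumed values:
# set them to your site root and the account(s) the IIS worker process runs as.
param(
    [string]   $Root       = 'C:\inetpub\wwwroot',
    [string[]] $Identities = @(
        'IIS APPPOOL\DefaultAppPool',          # assumed app pool identity
        'BUILTIN\IIS_IUSRS',
        'BUILTIN\Users',
        'NT AUTHORITY\Authenticated Users',
        'Everyone'
    )
)

# Rights that let a process running as one of these identities change content.
$fsr = [System.Security.AccessControl.FileSystemRights]
$writeMask = $fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
             $fsr::ChangePermissions -bor $fsr::TakeOwnership

function Get-WritableAce {
    param([string]$Path, [string[]]$Identity)
    try   { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $Path"; return }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($Identity -notcontains $ace.IdentityReference.Value) { continue }
        if ([int]($ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Walk the root and every subdirectory. Inherit-only ACEs on a parent show up
# as concrete rights on the children, so the walk covers them.
$dirs = @(Get-Item -LiteralPath $Root) +
        @(Get-ChildItem -LiteralPath $Root -Recurse -Directory -Force -ErrorAction SilentlyContinue)

$dirs | ForEach-Object { Get-WritableAce -Path $_.FullName -Identity $Identities } |
    Sort-Object Path, Identity | Format-Table -AutoSize
```

Pointing `$Root` at a drive root or a data directory outside the web root shows how far beyond the site that account's write access extends.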


          • #6
            Ok, thank you for the explanation. Just wanted to know what they could potentially have done in order to know what I should check... I wish I had my webserver isolated in a virtual machine, would have been a great thing to do... Now I can only regret and spend time in order to make sure everything looks correct.

            Thank you again for your help.
