Vbulletin Security Issues, Serious Exploit
  • Vbulletin Security Issues, Serious Exploit

    I had a user hack my forums using something called "directory traverse execute" which I don't know much about. Another moderator saved a conversation with this user.

    T3ckn0liG: I'm just too good at computers and SQL
    Slo86TA: I need to know specifics so that I can close it or have mike close it
    T3ckn0liG: directory traverse execute
    Slo86TA: if you can get in, others can get in and damage the board
    T3ckn0liG: It's a common Apache exploit


    What is a method of dealing with this problem? Has anyone else experienced it? The user was able to access every part of the website, change users' avatars, edit user names, delete and edit posts.

    He did all of this and a few more during the time.

    I want to put an end to this back door ASAP. Advice is appreciated.
    Michael Key - www.mikekey.com
    www.hrfbody.com - Hampton Roads F-Body

  • #2
    What version of Apache are you using, and on what OS? I seem to remember DTE from Windows Permissions? Besides, if it's a "common exploit" it would have been patched long ago.

    • #3
      Which operating system does your Apache web server run on? Windows or Linux?

      • #4
        Let me check with my providers. I'll update you guys, this might not be a problem to vBulletin as much as it is a server exploit.
        Michael Key - www.mikekey.com
        www.hrfbody.com - Hampton Roads F-Body

        • #5
          http://xforce.iss.net/xforce/xfdb/9808

          • #6
            Server is running FreeBSD digitalinet.com 4.2-STABLE FreeBSD 4.2-STABLE #0: Fri Jan i386

            Apache/1.3.29 (Unix) FrontPage/5.0.2.2634 PHP/4.3.4 mod_ssl/2.8.16 OpenSSL/0.9.7c
            Michael Key - www.mikekey.com
            www.hrfbody.com - Hampton Roads F-Body

            • #7
              "Note: This vulnerability only affects non-Unix installations of Apache HTTP Server"
              vBulletin v3.8.0's Implementation of Google Adsense Should Be Avoided At All Costs - Do Your Own Adsense Implementation

              • #8
                I'm discussing this with my provider.
                Michael Key - www.mikekey.com
                www.hrfbody.com - Hampton Roads F-Body

                • #9
                  Are you sure your directories aren't chmodded to (0)777 and/or without an index.php or index.html? (like images/index.html). Make sure your directories include either index.php or an index.html if there isn't an index.php file. And check the permissions of your directories. Their rights might give users through browsers the permissions to execute.

                  Traverse means nothing more than going up and down in a directory, from/to directory.
                  Execute means nothing more than being able to execute a file.

                  So, the user (ab)uses the inherited permissions to get into other enclosed directories.
                  vBulletin comes with index.html files, so the user shouldn't be able to use vBulletin to slide in and browse around, .. but then again. I don't know how this specific exploit works that he used. In the end, yes, it is not a vBulletin security issue.

                  • #10
                    Everything is CHMOD to 777, otherwise I get access denied all the time. I have all the index files in place.
                    Michael Key - www.mikekey.com
                    www.hrfbody.com - Hampton Roads F-Body

                    • #11
                      777 = everybody always has access ..

                      • #12
                        Originally posted by floris
                        777 = everybody always has access ..
                        Maybe you should try the "executable" bit. 755

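An added example, not part of any post in this thread and not vBulletin's own code: a POSIX shell check for the two conditions raised in posts #9 to #12, world-writable permissions (such as 777) and directories with neither index.php nor index.html. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# audit_webroot ROOT
# Prints one finding per line:
#   WORLD_WRITABLE <path>  file or directory whose "other write" bit is set
#   NO_INDEX <dir>         directory with neither index.php nor index.html
audit_webroot() {
    root=$1
    # -perm -0002 matches any mode that includes write for "other" (777, 666, ...).
    find "$root" \( -type d -o -type f \) -perm -0002 -print | sort |
        sed 's/^/WORLD_WRITABLE /'
    find "$root" -type d -print | sort |
        while IFS= read -r dir; do
            if [ ! -e "$dir/index.php" ] && [ ! -e "$dir/index.html" ]; then
                printf 'NO_INDEX %s\n' "$dir"
            fi
        done
}

# Constructed sample tree (not the poster's site): "images" is 755 with an
# index.html, "uploads" is 777 and has no index file.
make_sample_tree() {
    tree=$(mktemp -d) || return 1
    mkdir "$tree/images" "$tree/uploads"
    : > "$tree/index.php"
    : > "$tree/images/index.html"
    chmod 644 "$tree/index.php" "$tree/images/index.html"
    chmod 755 "$tree" "$tree/images"
    chmod 777 "$tree/uploads"
    printf '%s\n' "$tree"
}

# Demo run on the constructed tree; point audit_webroot at a real
# document root to check an actual installation.
demo=$(make_sample_tree) && audit_webroot "$demo"
rm -rf "$demo"
```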
