vBulletin Bug / Exploit

  • #1

    I've also forwarded this to the vBulletin team directly.

    There seems to be a leak in the latest version of vBulletin 3.7 BETA3. This bug enables an attacker to access your forum and gain full access to send out mass emails and pursue into template edits redirecting your forum to theirs. We aren't too sure what the issue is as of yet; we are hoping that the vBulletin team can fix this for us. There is a website by the name of *****.org (blanked out for identity purposes) which has been taking major advantage of this leak and attacking the more popular forums running this version of vBulletin. The most recent website which they have attacked is mmoccforum.com.

    I do hope this bug can be fixed soon as it's putting the more active forums at risk.

    Cheers,
    Dan
    I'm not attempting to cause a panic, I'm just warning you until the situation is resolved that there is an exploit somewhere.
    Last edited by Cen; Thu 31 Jan '08, 12:33pm.

  • #2
    Are you sure you mean Beta 3? Cuz Beta 4 is out... or maybe the exploit exists in both... oh well... it is a Beta product... if this is a valid issue then they will patch it up quickly...

  • #3
    Interesting, hacked vB3.7 beta 3 running vB3.6.8? lol.

    mmoccforum.com:
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
    <meta name="generator" content="vBulletin 3.6.8" />
    Tell me, how could they hack beta 3 if this mmm forum is running vB3.6.8?

    spam.

  • #4
    Originally posted by boogie box high:
    interesting, hacked vb3.7. beta 3 running vb3.6.8? lol.

    mmoccforum.com:

    tell me, how they could hack beta3 if this mmm forum is running vb3.6.8.?

    spam.
    They had a message up a lil while ago saying they had to revert to a previous backup BECAUSE they were hacked.
    http://data.collectiveirc.net/status/user/Jobe.png

  • #5
    There's not enough information there. Were there any modifications installed? Was there an easy-to-guess password set? Were there any other applications (not necessarily installed into vBulletin) that could've been exploited?
    Congratulations on the death of vBulletin, Internet Brands.

  • #6
    I too am raising my eyebrow at this. I have my doubts about the validity since I've yet to be a victim of such an attack.
    ManagerJosh, Owner of 4 XenForo Licenses, 1 vBulletin Legacy License, 1 Internet Brands Suite License
    Director, WorldSims.org | Gaming Hosting Administrator, SimGames.net, Urban Online Entertainment

  • #7
    This website that is apparently "hacking" websites is doing it locally, to websites that are related to Habbo Hotel such as Ragezone, MMOCCForum and Habbo Hotel fansites themselves.

    Indeed MMOCCF downgraded to up their security. Unfortunately there is not enough information provided, but I will keep you all updated with the situation.

  • #8
    I can confirm that MMOCCForum was always running vBulletin 3.6.8, never 3.7 (I'm an administrator over at those parts).

    Similarly, websites such as habbohut.com have had the same problems earlier this month.

  • #9
    That's still not giving the details about what was installed onto the site, and whether there were any modifications, easy-to-guess passwords, other possibly vulnerable applications, etcetera.

    It's that key information that is vital in telling whether or not it is vBulletin with the security flaw (doubtful but possible) or not.
    Congratulations on the death of vBulletin, Internet Brands.

  • #10
    Originally posted by Onimua:
    That's still not giving the details about what was installed onto the site, and if there was any modifications, easy to guess passwords, other possible vulnerable applications, etcetera.

    It's that key information that is vital in telling whether or not it is vBulletin with the security flaw (doubtful but possible) or not.
    No, nothing was accessed through the admincp. I was informed that it was an SQL injection.

    Regardless, I messaged vBulletin support with additional information on the matter.

  • #11
    Originally posted by Danieldude:
    No, nothing was accessed through the admincp. I was informed that it was an sql injection.
    His point was that SQL injection requires vulnerable code. And vBulletin has a history of NOT having SQL-injection-vulnerable code, leaving only the option of a vBulletin mod that does have SQL-injection-vulnerable code.
    http://data.collectiveirc.net/status/user/Jobe.png

  • #12
    Can't recall anyone posting here about being hacked due to an exploit in vB code directly; all seem to have been running add-ons/plugins/mods which have caused the problem.

    As someone who suffered an attack in the past, it was caused by FlashChat which was tied in to my boards, not the board software itself.
    Vote for:

    - *Admin Settable Paid Subscription Reminder Timeframe*
    - *PM - Add ability to reply to originator only*
    - Add Admin ability to auto-subscribe users to specific channel(s)
    - "Quick Route" Interface...

  • #13
    Originally posted by Jobe1986:
    They had a message up a lil while ago saying they had to revert to a previous backup BECAUSE they were hacked.
    The site in question did not even download vBulletin 3.7.0 beta 3 and only downloaded beta 4 yesterday.

    If there was such an easily accessible exploit, don't you think someone would have attacked this site? We get hit with DDOS attacks a couple times a year so it isn't like people aren't afraid to test our resources.

    Everyone should follow these steps:
    http://www.vbulletin.com/forum/showthread.php?t=194701
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API

  • #14
    Originally posted by Wayne Luke:
    The site in question did not even download vBulletin 3.7.0 beta 3 and only downloaded beta 4 yesterday.
    That was just how I interpreted the message they had on display when I visited their site. Sorry.
    http://data.collectiveirc.net/status/user/Jobe.png

  • #15
    Hi,

    Sorry that the version was incorrect. I couldn't find the current version on show, and from what I recall MMOCCF upgraded versions a few weeks ago but must have downgraded due to incompatibility with the skins etc.

    I'm not sure what add-ons MMOCCF actually run; if Daniel can post a list that would be great.

    Cheers,
    Dan