-
25th Sep 2009, 01:26 AM #1 OP Super Member
Redirection hack - turkish hackers exploiting vbulletin
Okay, my host emailed me today assuring it was nothing to do with the host.
Here is the fix:
Just to help out other forums in need (our forum threads end up high in Google, so someone else might stumble across it with the same issue we had).
vBulletin 3.54 and higher contains an HTML exploit. Malicious HTML code can be inserted in a thread title if the forum has not been patched with the following fix (note: other versions haven't been tested yet).
Open up newthread.php
Find
'subject' => TYPE_STR,
Replace it with
'subject' => TYPE_NOHTML,
Top X stats also seems to contain an issue allowing a similar exploit. It does not filter out html from thread titles.
A fix can be found here.
Note that no real harm can be done to your server when someone used the above exploit.
source:
http://www.c4dportal.com/forum/showthread.php?t=560
So kiss me and smile for me, say that you'll wait for me <'3
-
25th Sep 2009, 01:37 AM #2 Member
Website's: ibymegaupload.com
Thanks for sharing
Inside of each man lives a muscle-bound ape who can lift mountains in the weight room, please a dozen women at a time, then sleep like a bear during its hibernation for 8 hours and be ready to do it all again the next day.
-
25th Sep 2009, 02:45 AM #3 Banned
Website's: hd-eroticpictures.com
ipb > vb
nuff said
-
25th Sep 2009, 11:46 AM #4 Member
kl ty.
-
25th Sep 2009, 03:04 PM #5 Member
Website's: WareztheDDL.com GTFO.ws
dude... this is from 2006 lmao
' 09-06-2006, 05:07 PM'
I'm pretty sure releases of vb since then have made sure this vulnerability does not happen.
-
25th Sep 2009, 03:29 PM #6 OP Super Member
Open up newthread.php
Find
'subject' => TYPE_STR,
Replace it with
'subject' => TYPE_NOHTML,
They still didn't change it to nohtml
and it's still happening, so might as well post it here :-)
So kiss me and smile for me, say that you'll wait for me <'3
-
25th Sep 2009, 03:34 PM #7 Member
Website's: WareztheDDL.com GTFO.ws
oh ok, if it's still a vuln, thanks sp
-
9th Oct 2009, 05:22 PM #8 Banned
hmm just noticed typing "&" in a title you get "&amp;" if you use this patch
-
10th Oct 2009, 04:59 AM #9 OP Super Member
yeah I noticed that today as well
So kiss me and smile for me, say that you'll wait for me <'3
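Added illustration (not code from this thread or from vBulletin) of what the TYPE_STR to TYPE_NOHTML change in post #1 does to a thread title, and of how an ampersand can end up double-encoded afterwards. The constants and functions are local stand-ins; the example assumes TYPE_NOHTML escapes HTML special characters when the title is read in, and the two render functions are hypothetical templates.

```php
<?php
// Stand-ins named after the constants in the post; not vBulletin's own definitions.
const TYPE_STR    = 1;  // assumed: trimmed string, markup left intact
const TYPE_NOHTML = 2;  // assumed: trimmed string, HTML special chars escaped

// Models the input cleaning step that the one-line fix switches.
function clean_subject(string $raw, int $type): string
{
    $value = trim($raw);
    if ($type === TYPE_NOHTML) {
        $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }
    return $value;
}

// Hypothetical template that prints the stored title untouched.
function render_raw(string $stored): string
{
    return '<a href="showthread.php">' . $stored . '</a>';
}

// Hypothetical template that escapes the stored title again on output.
function render_escaped(string $stored): string
{
    return '<a href="showthread.php">' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8') . '</a>';
}

// True when the title contributed live tags to the page.
function title_injects_markup(string $html): bool
{
    $inner = preg_replace('~^<a href="showthread\.php">|</a>$~', '', $html);
    return (bool) preg_match('/<[a-z!\/]/i', $inner);
}

$title = 'Tom & Jerry <b>fans</b>';   // constructed sample title, harmless markup

foreach ([TYPE_STR => 'TYPE_STR', TYPE_NOHTML => 'TYPE_NOHTML'] as $type => $name) {
    $stored = clean_subject($title, $type);
    foreach (['render_raw', 'render_escaped'] as $render) {
        $html = $render($stored);
        printf("%-11s %-14s markup=%s  %s\n", $name, $render,
            title_injects_markup($html) ? 'yes' : 'no', $html);
    }
}
```

Only the TYPE_STR plus render_raw row lets the title's tags through. The TYPE_NOHTML plus render_escaped row is safe but encodes the ampersand twice, which is one way a literal "&amp;" can appear in a title after the patch.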
-
10th Oct 2009, 05:05 AM #10 Banned
hmm I'm lost