New vB exploit

[Claudio]

It seems a fake:

Someone forwarded the code from the first exploit and it does not work on a default installation of vBulletin 3 or 4. vBulletin 5 does not have a showthread.php file which is what the exploit reportedly gains access through.

 

[0xym0r0n]

Buy it and do a damn chargeback... lol

 

[steven s]

Both vBulletin 3, and vBulletin 4 have uniquely salted hashed passwords.

That's probably not the answer anyone wanted to hear.

On the lines of sql injection. My v3 site was hacked a couple weeks ago.
Someone on vB sent be a PM suggesting which addon it was. I don't think it was that addon since another site was hacked using a similar method not having the same addon.

They managed to add a script that added 3 adsense banner ads to my header template with their pub id.
I'd delete it and a cron job would reinstall it.
I had to clean up my datastore and pluginlist table.
It would have gone unnoticed for a month except for the fact that I only have 1 banner ad and now 3.
They also changed one of my php files.

 

[captainslater]

It seems the exploit is only possible with some special add-ons installed.
So no need for bashing please.

 

[Banana Pup]

incoming vB fan boys.. oh wait, they are already in the thread.

 

[steven s]

incoming vB fan boys.. oh wait, they are already in the thread.

Not at all.
I thought the OP was informative since I don't frequent vb.com that much.
Whether it was meant to be informative or the point was to bash vB once again, I won't make a judgement.
But these threads serve no purpose other than to bash vB.
I guess if it makes everyone feel good, so be it.

Don't get me wrong. I hope the lawsuit will be a thing of the past and we all can move on with xf.

 

[craigiri]

incoming vB fan boys.. oh wait, they are already in the thread.

Yeah, I had a chuckle about that one.....I never needlessly bash anyone, but considering what IB has been doing which affects me and actually millions (the wiki thing, XF thing, etc.)...IF I was going to bash, I would feel quite right about using them as a target!


This world is full of forgiveness. Anytime they decide to, they can rejoin the ranks of all the people and companies making the world a better place through the internet. But it ain't gonna happen with their game of faux monopoly.

 

[Paul M]

incoming vB fan boys.. oh wait, they are already in the thread.

Yes, right there with the IB haters who jumped in after about three posts, with the usual anti vB / IB nonsense.


Oh, btw, just getting back to the actual topic for a second, the so called "exploit" fails to do anything on a default vB3/4/5 forum.

 

[steven s]

Yes, right there with the IB haters who jumped in after about three posts, with the usual anti vB / IB nonsense.


Oh, btw, just getting back to the actual topic for a second, the so called "exploit" fails to do anything on a default vB3/4/5 forum.

Two pages too late.

 

[Slavik]

And thats enough of this.