New Security Issue in VB?

Discussion in 'vBulletin Discussions' started by Autopilot, Aug 24, 2013.

  1. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
  2. Joeychgo

    Joeychgo Regular Member

    Joined:
    Nov 6, 2010
    Messages:
    409
    Likes Received:
    222
    I'm not reading 9 pages, but the original post seems to point to a vbseo vulnerability.

    It's also running vb 3.87, which is not affected by the install hack.
     
  3. djbaxter

    djbaxter Regular Member

    Joined:
    Jul 4, 2009
    Messages:
    261
    Likes Received:
    162
    Location:
    Ottawa ON Canada
    No. But that vulnerability also has nothing to do with the topic of this thread.

    Look, Autopilot, you're in way over your head here. Spend some time doing some basic research.

    If you like, I can point you to some threads that might educate you, but I'm not going to bother if you don't commit to actually reading them.
     
    Last edited: Sep 16, 2013
    Joeychgo likes this.
  4. djbaxter

    djbaxter Regular Member

    Joined:
    Jul 4, 2009
    Messages:
    261
    Likes Received:
    162
    Location:
    Ottawa ON Canada
    No. There were a lot of suggestions, especially from vBulletin support, that it had to do with vBSEO but that was a red herring. The reality is that a lot of non-vBSEO forums got hit with the same issue.

    I have disinfected and hardened numerous forums who got hit with the redirect exploit. The culprit is, again and not surprisingly, weak passwords and bad directory and file permissions.
     
    Dan Hutter and Joeychgo like this.
  5. Joeychgo

    Joeychgo Regular Member

    Joined:
    Nov 6, 2010
    Messages:
    409
    Likes Received:
    222
    I don't doubt it. I just took a quick glance and saw references in the code to vbseo -- like I said, I'm not reading 9 pages.
     
  6. Lizard King

    Lizard King Regular Member

    Joined:
    Jun 9, 2012
    Messages:
    154
    Likes Received:
    157
    Unless vBulletin fixes the issue with Install directory, no one can recall vBulletin as a secure script.

    Advising people to delete Install folder instead of fixing the actual vulnerability is the most stupid excuse I've ever heard from any company that sells paid scripts.

    Fixing the vulnerability is vBulletin Team's responsibility against paying customers. Any existing customer can go to small courts and claim damages from vBulletin because they still didn't fix the issue imo
     
    Autopilot likes this.
  7. Caddyman

    Caddyman engiwebmastechanic

    Joined:
    Sep 12, 2013
    Messages:
    63
    Likes Received:
    36
    Location:
    Delaware
    lol I got hit by that one too, did a number on my traffic as I wasn't being a good admin and watching. I was running vbseo at the time. I have no other details.
     
    Autopilot likes this.
  8. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    @Lizard King That's a good point and there isn't any reason why they can't fix this particular issue as some no cost forum script will not even allow access to anything other than ACP keeping the forum access closed until that directory is either removed or renamed.
     
  9. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    @Caddyman When your forum got hit did you still have the install directory or was it previously removed?
     
  10. djbaxter

    djbaxter Regular Member

    Joined:
    Jul 4, 2009
    Messages:
    261
    Likes Received:
    162
    Location:
    Ottawa ON Canada
    The install folder IS the vulnerability. Removing the install folder fixes the vulnerability.
     
  11. djbaxter

    djbaxter Regular Member

    Joined:
    Jul 4, 2009
    Messages:
    261
    Likes Received:
    162
    Location:
    Ottawa ON Canada
    I've already told you that vulnerability had nothing to do with the install folder. That one has been hitting forums with and without vBSEO for a good 2-3 years and they exploit file and directory permissions and weak passwords.
     
  12. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    I guess as usual you missed reading the other posts that the install folder IS NOT the only vulnerability. It's just one of many in VB
     
  13. s.molinari

    s.molinari Regular Member

    Joined:
    Nov 6, 2009
    Messages:
    774
    Likes Received:
    603
    Location:
    Käshofen
    This is slightly incorrect because, as someone mentioned earlier in this thread (I believe), if you are upgrading, then you are vulnerable to the exploit and that just shouldn't be possible at all, at any time.

    Oh, and having it HTACCESS protected is not the solution either, because not all users of the software can create such a protection.

    Scott
     
    Autopilot likes this.
  14. djbaxter

    djbaxter Regular Member

    Joined:
    Jul 4, 2009
    Messages:
    261
    Likes Received:
    162
    Location:
    Ottawa ON Canada
    @Autopilot Good grief, man. I give up. You are either being intentionally obtuse or you're simply not very bright. Obviously, there are other issues that lead to hacking, which is what I have said in the other thread. THIS issue is the install folder and the presence of certain files in that folder AFTER the installation is finished.
     
  15. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    You should get your story straight. First you say the install folder is the vulnerability and in the next breath you say the vulnerability has nothing to do with the install folder. Which is it?
     
  16. we_are_borg

    we_are_borg Regular Member

    Joined:
    May 8, 2013
    Messages:
    305
    Likes Received:
    168
    Location:
    Netherlands
    First Name:
    Jeroen
    No, it's the FILES that are the vulnerability; one of the files is doing something that it should not do. It's a development problem: one of the files is setting up an administrator while there are already administrator(s), so the script can check if an administrator exists and, if so, not allow a new administrator. The argument that the script can be altered is true, but if they can alter one script they can alter others too, and there are easier ways of becoming administrator if you can alter a script.
     
    Autopilot likes this.
  17. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    Again with the personal attacks. You can't prove or state your opinion about an issue without attacking people? Not very professional of you. Bad-bastard manipulation. You tend to use a lot of fallacies when relating to people. You find it difficult to accept that you are not the only person with a different opinion? I don't see anyone abusing you when they disagree with you.
     
  18. we_are_borg

    we_are_borg Regular Member

    Joined:
    May 8, 2013
    Messages:
    305
    Likes Received:
    168
    Location:
    Netherlands
    First Name:
    Jeroen
    @Autopilot

    Again, the only known security issue at this time is the /install and /core/install; there is a workaround: remove the install directory, problem solved.

    At the moment there are no other issues; I have checked 0day exploits and there is nothing at this moment. If you know something else, please link to the exploit or where it's posted that there are more issues with security; linking to Sucuri is not needed because the only issue there at this time is the /install and /core/install. So what many issues are there, or are you trying to do FUD, or are you just trolling?

    Hacks like the Ubuntu forum are not because of vBulletin but lack of security by people running the board.
     
    djbaxter likes this.
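
A read-only audit for the two conditions raised in this thread (a leftover /install or /core/install directory, and world-writable files or directories), added here as an example and not code from any poster or from vBulletin. The sample tree, its file names and the function names are constructed for illustration.

```python
import os
import stat
import tempfile

# Directories named in the thread, relative to the forum's web root.
INSTALL_DIRS = ("install", os.path.join("core", "install"))


def audit_forum_root(root):
    """Return sorted (kind, relative_path) findings for one forum web root."""
    findings = []
    # 1. Install directories still present after installation or upgrade.
    for rel in INSTALL_DIRS:
        if os.path.isdir(os.path.join(root, rel)):
            findings.append(("install-dir-present", rel))
    # 2. Files and directories writable by every local user.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # a symlink's own mode bits are not meaningful
            if os.lstat(full).st_mode & stat.S_IWOTH:
                findings.append(("world-writable", os.path.relpath(full, root)))
    return sorted(findings)


def build_sample_root():
    """Build a constructed sample tree: leftover core/install, loose uploads."""
    root = tempfile.mkdtemp(prefix="forum-audit-")
    install = os.path.join(root, "core", "install")
    uploads = os.path.join(root, "uploads")
    os.makedirs(install)
    os.makedirs(uploads)
    placeholder = os.path.join(install, "placeholder.php")
    notes = os.path.join(uploads, "notes.txt")
    for path in (placeholder, notes):
        open(path, "w").close()
    # Set modes explicitly so the result does not depend on the umask.
    os.chmod(os.path.join(root, "core"), 0o755)
    os.chmod(install, 0o755)
    os.chmod(placeholder, 0o644)
    os.chmod(uploads, 0o777)  # deliberately too permissive
    os.chmod(notes, 0o666)    # deliberately too permissive
    return root


if __name__ == "__main__":
    for kind, path in audit_forum_root(build_sample_root()):
        print(f"{kind}: {path}")
```

Point `audit_forum_root` at a real web root to get the same report; it only reads metadata and changes nothing.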
  19. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    @we_are_borg If you do a google search for "vbulletin vulnerabilities" you'll find all the links you need.
    Why is it that when someone has a difference of opinion that you don't agree with you assume they are trolling?
     
  20. djbaxter

    djbaxter Regular Member

    Joined:
    Jul 4, 2009
    Messages:
    261
    Likes Received:
    162
    Location:
    Ottawa ON Canada
    *sigh* One last time. Those are two very different and separate issues: one is the file redirect issue and the other is the exploit that allows an attacker to set himself up as an Admin.

    Got it, finally? Sheesh.
     