Exploiting MY Vbulleting system

Discuss the many weaknesses of browser security and ways to mitigate the threat

Exploiting MY Vbulleting system

Post by HellBomb on Tue Jun 30, 2009 4:34 am
([msg=26037]see Exploiting MY Vbulleting system[/msg])

Well, my delema is that i have been hearing that there is several ways to hack into vbulletin and i was wondering if someone could help me figure out how people are doing it and how i can fix this. I am quite skilled with vbulletin(I have been messing with it for several months, including the vbulletin script itself and the mysql databases) but i have not looked at it from a hackers point of view.

What i am hoping to learn
- How exactly people hack into the website without know the password of users account(s).
- How people get access to Mysql databses and how to prevent.
HellBomb
New User
New User
 
Posts: 2
Joined: Tue Jun 30, 2009 4:23 am
Blog: View Blog (0)


Re: Exploiting MY Vbulleting system

Post by The7thGuest on Tue Jun 30, 2009 5:58 am
([msg=26038]see Re: Exploiting MY Vbulleting system[/msg])

My main suggestion would be to make sure you have the most updated version of Vbulletin.

There are tons of way especially when we start looking at third party modules/scripts loaded on your instance of Vbuletin.
It doesn't sound to me like your interested in how hackers get past conventional security methods, your just interested in Vbulletin, a list of known exploits can be found at packet storm (just google for packet storm + vbulletin + exploit)

These are exploits which specifically target Vbulletin, it won't be of much use anywhere else, unless you take the core of what the exploits are doing and adjust/update it to form a new, more relevant exploit.

If you can provide the community with the version you are currently running they might be of better assistance?
For your own site's safety I'm going to recommend that you don't post the URL of your site, with the version where we are discussing possible security risks, google does index these posts and someone with less good intentions might stumble upon it.
The7thGuest
Experienced User
Experienced User
 
Posts: 60
Joined: Thu Jun 18, 2009 3:57 pm
Blog: View Blog (0)


Re: Exploiting MY Vbulleting system

Post by HellBomb on Tue Jun 30, 2009 2:45 pm
([msg=26050]see Re: Exploiting MY Vbulleting system[/msg])

My main suggestion would be to make sure you have the most updated version of Vbulletin.

There are tons of way especially when we start looking at third party modules/scripts loaded on your instance of Vbuletin.
It doesn't sound to me like your interested in how hackers get past conventional security methods, your just interested in Vbulletin, a list of known exploits can be found at packet storm (just google for packet storm + vbulletin + exploit)

These are exploits which specifically target Vbulletin, it won't be of much use anywhere else, unless you take the core of what the exploits are doing and adjust/update it to form a new, more relevant exploit.

If you can provide the community with the version you are currently running they might be of better assistance?
For your own site's safety I'm going to recommend that you don't post the URL of your site, with the version where we are discussing possible security risks, google does index these posts and someone with less good intentions might stumble upon it.


Well atm i am currently running vbulletin 3.8.1
HellBomb
New User
New User
 
Posts: 2
Joined: Tue Jun 30, 2009 4:23 am
Blog: View Blog (0)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests