[Ars] High-severity vulnerability in vBulletin is being actively exploited - Page 2 - Overclock.net - An Overclocking Community

[Ars] High-severity vulnerability in vBulletin is being actively exploited

post #11 of 16 (permalink) Old 09-28-2019, 03:25 PM
AMD K6-2 500MHz
 
neurotix's Avatar
 
Join Date: Feb 2010
Location: The Wired
Posts: 4,409
Rep: 341 (Unique: 196)
Quote: Originally Posted by ENTERPRISE View Post
This version of VB is not affected.

That's excellent then.

My post was only to demonstrate proof of concept, of course, and illustrate really just how easy it would be, even for a single person. If it was someone/an organization (a criminal one) with infrastructure already set up, a botnet, etc. then it would be even easier.

Good to know OCN is protected.



neurotix is offline  
post #12 of 16 (permalink) Old 09-29-2019, 12:43 PM
New to Overclock.net
 
1Kaz's Avatar
 
Join Date: Feb 2013
Posts: 303
Rep: 11 (Unique: 11)
Quote: Originally Posted by epic1337 View Post
more and more people are getting into the security field, it's only inevitable that they'd find security holes even in the most secure software.

That's only inevitable if people leave back doors open :/

If we could get hardware companies to quit building back doors, it would really help.

Last edited by 1Kaz; 09-29-2019 at 12:51 PM.
1Kaz is offline  
post #13 of 16 (permalink) Old 09-29-2019, 03:04 PM
ლ(╹ε╹ლ)
 
Join Date: Aug 2013
Posts: 8,134
Rep: 178 (Unique: 139)
Extremehw.net is already patched too


Duality92 is offline  
post #14 of 16 (permalink) Old 10-01-2019, 01:56 AM
RIP OCN
 
Join Date: Dec 2014
Posts: 644
Rep: 28 (Unique: 21)
Quote: Originally Posted by neurotix View Post
lol
I also used sed (as per the article) for a custom conky calendar
Code:
 {execpi 20000 LAR=`date +%-d`; ncal -bh | sed '2d' | sed -e '1d' -e 's/\<'$LAR'\>/${color1}&${color5}/' | sed ':a;N;$!ba;s/\n/\n${goto 28}/g'}
My desktop looks like this
Attachment 297866

I am not a malicious actor but I *highly* suggest VS patch the current code base for OCN against this immediately as it's literally as easy as copying the shell script out of that article, saving it as 'blahblahvbatk.sh' or something, and then figuring out some basic Bash shell scripts to control the site from a C&C server with an Apache install, through TOR over OpenVPN or something, and maybe a proxy. It would then be possible to ransom the admin panel, go in it and delete the SQL database, etc.

Huh? Why are you talking about your use of sed and posting pics of your desktop in this thread?

I wouldn't worry too much about an article posting the exploit code when sites like this: https://www.exploit-db.com or Google Project Zero exist
anti-clockwize is offline  
post #15 of 16 (permalink) Old 10-01-2019, 04:50 AM
Senioritis Member
 
Lady Fitzgerald's Avatar
 
Join Date: Apr 2013
Location: AZ, SSA (Squabbling States of America)
Posts: 8,271
Rep: 527 (Unique: 330)
Quote: Originally Posted by girugamesh View Post
Wut kind of LoOoOddite still use web forums?
You.

Quote: Originally Posted by ENTERPRISE View Post
This version of VB is not affected.
Then what about the spyware on OCN that I reported being blocked by Malwarebytes?

Jeannie

Last edited by ryan92084; 10-01-2019 at 08:22 AM.
Lady Fitzgerald is offline  
post #16 of 16 (permalink) Old 10-01-2019, 12:25 PM
In VB's Basement
 
ENTERPRISE's Avatar
 
Join Date: Oct 2004
Location: England,UK
Posts: 64,084
Quote: Originally Posted by Lady Fitzgerald View Post
You.



Then what about the spyware on OCN that I reported being blocked by Malwarebytes?
I popped my head in that thread and answered


ENTERPRISE is offline  