Overclock.net - An Overclocking Community - Reply to Topic
Thread: [Ars] High-severity vulnerability in vBulletin is being actively exploited
  Topic Review (Newest First)
10-01-2019 11:25 AM
ENTERPRISE
Quote: Originally Posted by Lady Fitzgerald View Post
You.

Then what about the spyware on OCN that I reported being blocked by Malwarebytes?
I popped my head in that thread and answered
10-01-2019 03:50 AM
Lady Fitzgerald
Quote: Originally Posted by girugamesh View Post
Wut kind of LoOoOddite still use web forums?
You.

Quote: Originally Posted by ENTERPRISE View Post
This version of VB is not affected.
Then what about the spyware on OCN that I reported being blocked by Malwarebytes?
10-01-2019 12:56 AM
anti-clockwize
Quote: Originally Posted by neurotix View Post
lol
I also used sed (as per the article) for a custom conky calendar
Code:
 {execpi 20000 LAR=`date +%-d`; ncal -bh | sed '2d' | sed -e '1d' -e 's/\<'$LAR'\>/${color1}&${color5}/' | sed ':a;N;$!ba;s/\n/\n${goto 28}/g'}
My desktop looks like this
Attachment 297866

I am not a malicious actor but I *highly* suggest VS patch the current code base for OCN against this immediately as it's literally as easy as copying the shell script out of that article, saving it as 'blahblahvbatk.sh' or something, and then figuring out some basic Bash shell scripts to control the site from a C&C server with an Apache install, through TOR over OpenVPN or something, and maybe a proxy. It would then be possible to ransom the admin panel, go in it and delete the SQL database, etc.
Huh? Why are you talking about your use of sed and posting pics of your desktop in this thread?

I wouldn't worry too much about an article posting the exploit code when sites like this: https://www.exploit-db.com or Google Project Zero exist
09-29-2019 02:04 PM
Duality92
Extremehw.net is already patched too
09-29-2019 11:43 AM
1Kaz
Quote: Originally Posted by epic1337 View Post
more and more people are getting into the security field, it's only inevitable that they'd find security holes even in the most secure software.
That's only inevitable if people leave back doors open :/

If we could get hardware companies to quit building back doors, it would really help.
09-28-2019 02:25 PM
neurotix
Quote: Originally Posted by ENTERPRISE View Post
This version of VB is not affected.

That's excellent then.

My post was only to demonstrate proof of concept, of course, and illustrate really just how easy it would be, even for a single person. If it was someone/an organization (a criminal one) with infrastructure already set up, a botnet, etc. then it would be even easier.

Good to know OCN is protected.
09-26-2019 03:51 PM
ENTERPRISE
Quote: Originally Posted by neurotix View Post
lol

I run Debian Linux and do graphic design and custom conky scripts (desktop monitor) and theming for my installs as well as tons of tweaking, firewall scripts etc.

I also used sed (as per the article) for a custom conky calendar
Code:
 {execpi 20000 LAR=`date +%-d`; ncal -bh | sed '2d' | sed -e '1d' -e 's/\<'$LAR'\>/${color1}&${color5}/' | sed ':a;N;$!ba;s/\n/\n${goto 28}/g'}
Which simply prints the output of a terminal calendar application. With formatting.

My desktop looks like this

Attachment 297866

After my recent upgrade to a 3900x, running MATE, Compiz-Reloaded and Emerald window controls, with my custom background I made in GIMP, and my custom conky with extensive use of LUA scripts

I am not a malicious actor but I *highly* suggest VS patch the current code base for OCN against this immediately as it's literally as easy as copying the shell script out of that article, saving it as 'blahblahvbatk.sh' or something, and then figuring out some basic Bash shell scripts to control the site from a C&C server with an Apache install, through TOR over OpenVPN or something, and maybe a proxy. It would then be possible to ransom the admin panel, go in it and delete the SQL database, etc.

This is what you get when you run a hobbled together 2003-era vBulletin in 2019. Hope this was already known about and patched, VerticalScope, Inc.
This version of VB is not affected.
09-26-2019 02:56 PM
neurotix
remove

forget it
09-26-2019 09:38 AM
girugamesh
Wut kind of LoOoOddite still use web forums?
09-26-2019 08:00 AM
Caffinator
Quote: Originally Posted by skupples View Post
I assume that's SOP internally for the folks breaking the code for a living, but posting it in a public article is just hilarious. "don't believe us? try it yourself!"

have at it boys! go find some random vbul!
How about OCN?

rm -rf *

oops