Major vBulletin flaw found
LSA King
Regular
A serious flaw in software widely used to power online discussion sites could allow hackers to harvest reams of personal data, the BBC has learned.
The flaw in a specific version of the vBulletin software allows anyone to easily access the main administrator username and password for a site.
This would also allow hackers to access data, such as e-mail addresses, and edit the site at will.
http://www.bbc.co.uk/news/technology-10714192
Comments
vBulletin 3.8.6
Which is what we are using currently
Anybody interest on trying it here?
and you forgot they can basically takeover the entire board doing whatever they want to it and the database. That's a pretty big "opps" considering VBulletin 3.8.6 isn't necessarily new by all means to suffer from such a major, yet simple attack.
Tempting to try it. Not on here though. What version is Zoklet running again?
We were at risk 3.8.6 but I pm'ed the Admin with the fix and it was patched. So, we're safe.
Google for something like "Powered by Vbulletin 3.6.8 or whatever it is" and click on the 5th page
For bonus points, mess with schools, because they are lulz.
I got the database name, username, password, host and port number. How do I /use it/?
I tried logging into the forum with the username and password, didn't work. I have no idea how to attempt to log into the database...it's been forever since I've done anything with mysql databases.