
    VB3.8.7 showthread.php has security flaws?

    Well, I received an email from my webhost saying that they've received complaints about my dedicated server sending spam mails. It's weird, as I'd never do such a thing myself; it also would not benefit me at all. As I've investigated further, I was able to track down the spammer's info from this:

    X-Mailer: vBulletin Mail via PHP
    Date: Tue, 3 Sep 2013 13:02:12 -0700
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - srv1.******.com
    X-AntiAbuse: Original Domain - lycos.com
    X-AntiAbuse: Originator/Caller UID/GID - [500 32007] / [47 12]
    X-AntiAbuse: Sender Address Domain - srv1.******.com
    X-Get-Message-Sender-Via: srv1.******.com: authenticated_id: ******/from_h
    X-Source: /usr/bin/php
    X-Source-Args: /usr/bin/php /home/******/forum/showthread.php
    X-Source-Dir: ******.com:/public_html/******/forum

    This is a message from Ann Curtis ( mailto: ) from the ****** Forum ( http://www.******.com/forum/ ).

    The message is as follows:

    .



    Dearest Energy User,


    A POWERFUL invention from 1927 that secretly powered the famous Col. Charles Lindbergh's aircraft on his voyage to be the first to cross the atlantic by airplane without stopping.

    The same invention has already helped thousands of energy users by SLASHING their Electric Bill up to almost 100 percent.

    See this page to see the video: http://payspree.com/12855/ann

    Have a good one.


    Ann Curtis
    So apparently this 'Ann Curtis' from payspree.com (actually techville.net) was able to send spam mails by impersonating my server through vBulletin's showthread.php page. I've heard that in the earliest days of VB3 there was an XSS security flaw within VB3.0.7, but this is VB3.8.7 (patch lv.3) already and I doubt such an XSS vulnerability still exists. It could also be session hijacking; I have no idea what it is.

    This problem caught my attention since I had a similar experience back in July, and I was able to persuade my webhost to continue to run my forum, as the spammer left after the webhost suspended my account for about 2-3 days. So it's technically the second time that my vBulletin forum's showthread page vulnerability is being abused. I wonder if anyone else is experiencing an issue similar to this? If so, how do you fix it? Please lemme know if you know anything about it. Thx.
    Last edited by Mittineague; Sep 6, 2013 at 10:19. Reason: delinking quote
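The headers quoted in the post are what point at the sending script: X-Source-Args records the interpreter and the PHP file that handed the mail to the MTA, and X-Mailer names the application. The following is an added example, not code from the poster or from vBulletin, showing how a server admin could parse a batch of such header blocks and count how many messages each server-side script produced, which is the first step in confirming which page is being abused. The sample messages below are constructed, with placeholder hostnames and paths; the header names are the ones shown in the post.

```python
"""Triage mail headers to find which server-side script generated each message.

Added example (not from the original post). Header names follow those in
the post (X-Mailer, X-Source, X-Source-Args, X-Source-Dir); the sample
messages are constructed and use placeholder hosts and paths.
"""
from collections import Counter

# Constructed sample input: three raw header blocks as an admin might pull
# from a mail queue or bounce archive. Hostnames and paths are placeholders.
SAMPLE_MESSAGES = [
    """X-Mailer: vBulletin Mail via PHP
Date: Tue, 3 Sep 2013 13:02:12 -0700
X-AntiAbuse: This header was added to track abuse, please include it
 with any abuse report
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/example/forum/showthread.php
X-Source-Dir: example.com:/public_html/example/forum
""",
    """X-Mailer: vBulletin Mail via PHP
Date: Tue, 3 Sep 2013 13:05:40 -0700
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/example/forum/showthread.php
X-Source-Dir: example.com:/public_html/example/forum
""",
    """X-Mailer: Thunderbird (placeholder)
Date: Tue, 3 Sep 2013 14:00:00 -0700
Subject: normal mail sent over authenticated SMTP, no X-Source headers
""",
]


def parse_headers(raw):
    """Return {header-name-lowercased: value} for one raw header block.

    Folded continuation lines (leading whitespace) are appended to the
    previous header. The first blank line ends the header block.
    """
    headers = {}
    last = None
    for line in raw.splitlines():
        if not line.strip():
            break
        if line[0] in " \t" and last is not None:
            headers[last] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a header line; skip it
        last = name.strip().lower()
        headers[last] = value.strip()
    return headers


def originating_script(headers):
    """Return the script path recorded in X-Source-Args, or None.

    X-Source-Args is "interpreter script [args]"; the second token is the
    script that called the MTA. Mail submitted over SMTP lacks the header.
    """
    args = headers.get("x-source-args")
    if not args:
        return None
    parts = args.split()
    return parts[1] if len(parts) > 1 else parts[0]


def triage(messages):
    """Count messages per originating script and per X-Mailer value.

    Returns (per_script, per_mailer) Counters; messages without an
    X-Source-Args header are grouped under "(no X-Source-Args)".
    """
    per_script = Counter()
    per_mailer = Counter()
    for raw in messages:
        h = parse_headers(raw)
        per_script[originating_script(h) or "(no X-Source-Args)"] += 1
        per_mailer[h.get("x-mailer", "(none)")] += 1
    return per_script, per_mailer


if __name__ == "__main__":
    scripts, mailers = triage(SAMPLE_MESSAGES)
    for script, n in scripts.most_common():
        print(f"{n:4d}  {script}")
    for mailer, n in mailers.most_common():
        print(f"{n:4d}  X-Mailer: {mailer}")
```

Run against real queue or log exports instead of the constructed list, a single script path dominating the counts while the X-Mailer stays the forum's own is the signal that a publicly reachable page, rather than a compromised account, is the mail source.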

