CATEGORIES
home News

'Inj3ct0r Team' Claims Responsibility for MacRumors and vBulletin Hacks, Begins Selling Exploit

by Rob WilliamsMonday, November 18, 2013, 02:05 PM EDT

It seems that there's a lot more to the MacRumors story we reported over the weekend, and what's now becoming known is a bit worrying for anyone running vBulletin's forum software and users who contribute to communities that run on it.

Previously, we discussed that tech site MacRumors experienced a database breach which saw 860,000 user accounts taken from its servers, and in the same post, I talked about an email I received straight from vBulletin on the same day, reporting a similar security issue. At the time, it was difficult to surmise what was going on, because no information was posted on the official vBulletin site at all, and nothing could be found on the site's forums.

Today, important information regarding that security issue has begun coming out, and it appears that like MacRumors, the official vBulletin.com forums has had its entire database taken, with the same exploit and team behind both.

According to 'Inj3ct0r Team', the group claiming responsibility for the attacks, the vulnerability it discovered affects both vBulletin 4 and 5. On the group's Facebook, it was said, "We've got upload shell in vBulletin server, [downloaded] database and got root."

After the MacRumors' incident, it was said that the exploiters merely logged into an administrator account and escalated privileges, but based on what Inj3ct0r Team is stating, that doesn't seem to be the case at all. A vBulletin-specific bug is the definite root of the issue, however, and the result is being able to upload a shell script to gain remote access to the Web server. An example of a successful breach using this exploit can be seen below:

As we reported on Saturday, the team behind the attack has seemingly no interest in selling off the accounts it's acquired, or exploit them itself. However, it does appear that some money-making interests are at play, as via the official Inj3ct0r website, an exploit entitled, "vBulletin v4.x.x and 5.?.x Shell Upload / Remote Code Execute (0day)" is being sold for about $7,000.

Up to this point, vBulletin has not released a patch to fix this issue, and it's unclear at this point whether or not the company itself understands the exploit (it'd seem likely that it'd be one of the purchasers of this exploit, unless the company somehow quickly figured out the vulnerability on its own).

What's upsetting about all of this is that this isn't the first time a severe vBulletin vulnerability has become known, and as it appears the hashing algorithm used for the passwords is the rather ancient and vulnerable MD5, one must question the company's weight on security measures.

Tags:  security, Privacy, Forums, vBulletin
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment