Must read! Nulled (vBulletin & IPB) Vulns!

[litewarez]

Ok so made lil video of me playing about with this little DD (Directory Disclosure) vuln in the DGT releases of vBulletin but it was too big to upload so heres some scrennshots!

vBulletin & IPB Vulns!​

Boxheads Site!
[slide]http://www.imgcentre.com/img/uploads/big/5637a1331e.png[/slide]

Boxheads Files (http://belegit.org/validator.php)
[slide]http://www.imgcentre.com/img/uploads/big/0c81f0f865.png[/slide]

Database ive collected

Via this method i have also rooted 2 sites !

Things you should do!
1. Go phpBB
2. Remove the validator.php script!
3. Remove any other scripts thats not needed!
4. Rename ModCp and AdminCp to summat else
5. DO NOT STORE BACKUPS ON htdocs .... and especially with names like backup.sql


PLEASE CHECK IF YOU HAVE THIS FILE ON YOUR SERVER ID SO DELETE ASAP!!!!

I had database from about 12 people who entered the chat the other day, but you all know your DBS are safe and im trusted but others aint!

DELETE them asap!

Proof: http://belegit.org/validator.php - http://vbteam.info/validator.php

SAY THANKS IF THIS HELPED YOU

Shouts to warezdeamon for this aswell lol

 

[Shadøw]

lol thats nothing, only if you store the database on public_html who do you think is enought stupid to do that rofl ^^

 

[litewarez]

Lmao you will be surprised dood!

I have like 3.5Gb's of databases and 2 full sites via this tool! i found stupid things hidden on the site like wysywigs that allow file uploads then shel then injected index with webshell then root!


About 50% of users who read this will be like ooh fuck!

 

[CyberJ37]

http://vbteam.info/validator.php

 

[litewarez]

theres your answer!

 

[Elio]

the only thing this thread shows is that you should be carefull when using nulled scripts nothing more is not rly an ipb or vb vulerability

 

[litewarez]

yea but it is lol because these files are mainly shipped for ipb and vb.. not but the creators but by the nullers and the larger amount of users have nulled!

 

[Elio]

ye but edit the topic title to Nulled vb and ipb vulns

 

[DJ Norix]

Yep ... Already warned a few admins on WJ about it.Some of them even had backups .. <_<

 

[Flash]

That's why you use patched vb nulls. I've used KickASSAMD's nulls and never been caught. Not even in 000webhost :P

 

[Whoo]

A lesson is to never trust anyone else his code. Not even NULLED ones =] , just go for phpBB or get the real deal, buy a license.

 

[Raptile]

phpBB pwns all.

 

[Saime]

Not a vuln, OP's a tard.

 

[Dotcom]

Lite your a hypocritical fuck. Look at your first post. You got gu1337 just like I did, look at your own words before criticizing mine.

Boxheads Site!
[slide]http://www.imgcentre.com/img/uploads/big/5637a1331e.png[/slide]

Boxheads Files (http://belegit.org/validator.php)
[slide]http://www.imgcentre.com/img/uploads/big/0c81f0f865.png[/slide]

Database ive collected

Via this method i have also rooted 2 sites !

I had database from about 12 people who entered the chat the other day,
Proof: http://belegit.org/validator.php - http://vbteam.info/validator.php

 

[CyberHacK]

photoshop? that's not actually on the site .

 

[Dotcom]

What site are you looking at?
[slide]http://www.imgcentre.com/img/uploads/big/462eff2f10.png[/slide]

Via: http://gu1337.com/validator.php
Also note: http://gu1337.com/db/

 

[Elio]

oh and btw nulled or not u can use a scanner to find out directories etc
e.x acunetix

 

[Dotcom]

^ good point, but this just makes it easier.

 

[bumilad20]

All i can is ...you people who didnt know this b4 ..are lucky u do now ..otherwise it cud of been alot worse :P

 

[Maniac_]

I even saw 4* sites with a validator.. And even downloaded something with their Rapidleech.. (Yesterday, shoutbox .. playing)

personally, ive found 17 sites that have a validator.

edit: and i havent even looked at 1* sites!