Must read! Nulled (vBulletin & IPB) Vulns!

[-Im.z2ight-]

[slide]http://www.imgcentre.com/img/uploads/big/bf2cacbb8e.png[/slide]

lol.

My screen shot

 

[Elio]

^ good point, but this just makes it easier.

website scanners are easy enough

 

[-Im.z2ight-]

Any idea what "file_id.diz" is?

 

[Saime]

http://en.wikipedia.org/wiki/FILE_ID.DIZ

 

[-Im.z2ight-]

Thanks..

 

[Hussie]

even vbteam..lol..Thanks for the tip lite

 

[litewarez]

If i find anymore people using this to hack sites i will not allow this here!!

if you hack a site tell them about it or your just another boxhead,dAd0,Krun!x and i will also be out to play with your sites !!

some respect ppl! i respect your sites !!

 

[Veer]

Thanx for the info bro...

 

[ChosenOne]

http://vbteam.info/validator.php

I told them about that long time ago, they didnt took me serious, but they have nothing to hide there, do they?

 

[StupidGlitch]

I've always deleted the Validator.php file.

And i also rename the Admin/Mod and have the folder with IP only access.

 

[G56Ace]

*sigh*

 

[litewarez]

G56Ace i apologies on behalf of dotcom the idiot !!!

i did have a go http://www.imgcentre.com/img/uploads/big/98e1978ce9.png

and this was ment to help people out but some nobhead thought he was funny!!

sorry dood he wont get help from me again :/

 

[tw0]

LOL,it's not vuln...

 

[G56Ace]

Thanks lite.
Just another life lesson learned. :P

 

[litewarez]

WTF

Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.

To be vulnerable, an attacker must have at least one applicable tool or technique that can connect to a system weakness.

In this frame, vulnerability is also known as the attack surface.

This means that this issue provides a gateway to a vuln so there for it is only vuln if your stupid enought to leave DB's or scripts in directories that you thought was private!

Regardless of vuln or not its an issue that needs to be sorted out because ive rooted 2 sites (notified admins) and as you can see by script kiddies this has knocked a few sites down so it needs to be addressed!

all sitting here worrying about me being inarticulate when sites are "vuln" to hackers!

 

[tw0]

vBulletin or IPB is not vuln,it's just php script which list main directory,and it cannot be exploited...

 

[Storm]

Well, remove it anyway. end of story

 

[Phozon]

lites correct this is a vuln of sorts its giving anyone access to see your files even download them i've ended up with over 6 gig of dbs (no i wont leak or use) but its proof it can be used for bad and thanks for the credit lite even though i don't really deserve it lol

 

[r0ck]

yea have to say remove these files asap :P

 

[ChosenOne]

I trust litewarez, lol. and yeh, Katz staff gave him free 1 month text-link on one of their sites so you could imagine how big was that vuln