MyBB Community Forums

Full Version: Malicious code is inserted in MyBB
Hello. You can refer to any thread on my website, for example:

http://grasshoppernetwork.com/showthread.php?tid=868

You will observe text-enhance.com ads appearing all over. I mean many words are hyperlinked and, on mouse hover, a pop-up window displays an advertisement.

However, I never opted for any such ads.

Here is the trace URL:


<a title="Click to Continue &gt; by Text-Enhance" id="_GPLITA_3" style="text-decoration:underline" href="#" in_rurl="http://i.trkjmp.com/click?v=SU46MjYwMDE6MTU3OmNsaWVudDpiZDMzMjk5YjBiM2JhMGQyNGRhMjk3ZGI2NmU2NmJkNTp6LTExNDctNDY5Mjc6Z3Jhc3Nob3BwZXJuZXR3b3JrLmNvbToxNTk3MzpzbWFsbF9zcXVhcmU" in_hdr="null">client</a>


I checked the Postbit/threaddisplay templates and nowhere did I find any JavaScript or anything.


It means that something has been put inside my database. I need urgent help, please.

OK. I deactivated and reactivated the systema tag plugin and got it removed. Here is the zip file. Somebody from the MyBB team needs to look for the vulnerability in this plugin.

Please review the code. Does it leave a hole for injection?
Do you use a free host? They may be inserting it.
(2012-09-28, 05:38 AM) Paul H. wrote: Do you use a free host? They may be inserting it.


No, Paul, I am using hosting from Znet, one of the better and more secure hosting providers. However, after deactivating and reactivating the tag plugin, the code is gone. Could you please check the plugin? It isn't looking clean to me!
The plugin does look kind of odd, but in my 20-second check, I didn't notice a whole lot. But some stuff looked a little abnormal, I agree.
For example, tag.php can be called from a URL.

domainname.com/tag.php?id=

I mean such exposure leaves open all the possibilities :(
EDIT: it seems clean to me.
http://mods.mybb.com/view/tag-system

[EDIT] Did not see the last post. Thanks a lot, Paul.
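
Added example, not part of any post in this thread and not MyBB or plugin code: a small checker that scans saved HTML for anchors carrying the markers visible in the trace above (an `id` starting with `_GPLITA_`, the `in_rurl` and `in_hdr` attributes, a "Text-Enhance" title). Running it over HTML fetched directly from the server and over the page as saved from the browser shows which copy contains the markup. The function names and the sample input are constructed for illustration.

```python
from html.parser import HTMLParser

# Markers taken from the trace posted in this thread.
ID_PREFIX = "_GPLITA_"
MARKER_ATTRS = ("in_rurl", "in_hdr")
TITLE_HINT = "text-enhance"


class InjectedLinkFinder(HTMLParser):
    """Collects <a> tags that carry the markers seen in the thread's trace."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        reasons = []
        if a.get("id", "").startswith(ID_PREFIX):
            reasons.append("id")
        reasons += [name for name in MARKER_ATTRS if name in a]
        if TITLE_HINT in a.get("title", "").lower():
            reasons.append("title")
        if reasons:
            line, _col = self.getpos()  # position of the tag's opening "<"
            self.hits.append({"line": line, "id": a.get("id", ""), "reasons": reasons})


def find_injected_links(html_text):
    """Return one dict per suspicious anchor: source line, id, matched markers."""
    finder = InjectedLinkFinder()
    finder.feed(html_text)
    finder.close()
    return finder.hits


# Constructed sample: one ordinary link and one link shaped like the trace
# (the tracking URL is replaced with a placeholder).
SAMPLE = """<p>Ask your <a href="member.php?uid=2">host</a> or
<a title="Click to Continue &gt; by Text-Enhance" id="_GPLITA_3"
   href="#" in_rurl="http://tracker.example/click?v=PLACEHOLDER" in_hdr="null">client</a></p>"""

if __name__ == "__main__":
    for hit in find_injected_links(SAMPLE):
        print(hit)
```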