Somethings is wrong here random people on my forum just keep getting admin. Like one guy is online and boom he is admin out of no where and then the same thing happens a second later is this a rat or injection? I can't understand please help...
Plugins
1-http://gyazo.com/798b3abddc4d3d4bab17c44c2ecc697b
2-http://gyazo.com/30f57c1aad54f4afae453aeddfdb7c5b
disable your mytabs and profile comments
(2014-01-02, 08:41 AM)kote2012 Wrote: [ -> ]disable your mytabs and profile comments
How are these plugins connected to the mentioned admin problem? I read they cause it 1st time. Could you specify which codes in them are responsible for this?
MyTabs was reported to be SQL injection vulnerable, so maybe this is that case.
(2014-01-02, 12:31 PM)Destroy666 Wrote: [ -> ]How are these plugins connected to the mentioned admin problem? I read they cause it 1st time. Could you specify which codes in them are responsible for this?
Because one of them is known to have a SQL injection security hole meaning anybody can run SQL queries on your database.Also mods.mybb.com should be the only place you trust in getting plugins and even then always check plugin code ....
@2 guys up, maybe reading text on the screenshot carefully before posting would be a better idea than providing invalid information... He uses version 1.32 of MyTabs, the vulnerability is reported here
http://community.mybb.com/thread-133659.html in version 1.31. I don't think further explantation is needed, is it?
Also Profile Comments isn't even there..
I did have profile comments but a lot of people are saying it was my sql injection because of MyTabs.
It wasn't the plugins, the SQL was in your register page. I told MyBB a few versions back and they still haven't listened and even the latest version is still vuln.
(2014-01-06, 10:49 PM)v3nd3tta Wrote: [ -> ]It wasn't the plugins, the SQL was in your register page. I told MyBB a few versions back and they still haven't listened and even the latest version is still vuln.
Could you give me info on a POC in a PM? I'm curious as to what you're talking about.
It seems to me that a simple mod or plugin could be created to block anyone that attempts to register with ONLY the words "china" & "thanks" in the location and bio fields, respectively.
In essence, never allowing that registration to be processed and therefore flushing any trace of that registration attempt from the DB after automatically adding that IP address to the 'Banned IP address list'.
After-all, that's been the common factor on my forums regarding the recently reported 'spam' infiltrations. And not all of them post stuff. Most just register without posting anything. But it seems they ARE looking for a "Security hole" to breach. And they've already circumvented the "Required Custom Questions" feature. Not Good!