Malicious code is inserted in MyBB
Hello. You can refer to any thread on my website.
For example

You will observe ads appearing all over. I mean many words are hyperlinked, and on mouse hover a pop-up window displays an advertisement.

However I never opted for any such ads.

Here is the trace url

<a title="Click to Continue &gt; by Text-Enhance" id="_GPLITA_3" style="text-decoration:underline" href="#" in_rurl="" in_hdr="null">client</a>

I checked the Postbit/threaddisplay templates and nowhere did I find any JavaScript or anything.

It means that something is put inside my database. I need urgent help please.

Ok. I deactivated and reactivated systema tag plugin and got it removed. Here is the zip file. Somebody from the MyBB team needs to look for the vulnerability in this plugin.

Please review the code. Does it leave a hole for injection?

Attached Files
.zip (Size: 47.67 KB / Downloads: 142)
Do you use a free host? They may be inserting it.
-Paul H.

Cogisne lingua latina?
(2012-09-28, 05:38 AM)Paul H. Wrote: Do you use a free host? They may be inserting it.

No Paul, I am using hosting of Znet, one of the better and secured hosting providers. However, after deactivating and reactivating the tag plugin, the code is gone. Please could you check the plugin? It isn't looking clean to me!
The plugin does look kind of odd, but in my 20 second check, I didn't notice a whole lot. But some stuff looked a little abnormal, I agree.
PGP Key (Fingerprint: 23B6 F4C0 FE2D 45AA 61A0 1E86 DB87 09DC DD87 6E40)
For example tag.php can be called from URL.

I mean such exposure leaves open all the possibilities. :(
EDIT: it seems clean to me.
-Paul H.

Cogisne lingua latina?

[EDIT] Did not see the last post. Thanks a lot, Paul.
