SLGR
04-07-2006, 12:39 AM
Ok, yesterday i become hacked.
The good news is that the added page /forum/modules/index.htm appears (i just deleted it) only by direct hit. If now you visit the first page (based in vBAdvanced 2.0.0) you will get this error:
Database error in vBulletin 3.5.2:
Invalid SQL:
SELECT
thread.threadid, post.title, thread.replycount, postusername, postuserid, thread.dateline AS postdateline, thread.lastposter, thread.lastpost, IF(views<=thread.replycount, thread.replycount+1, views) AS views, thread.forumid, post.postid, pagetext, allowsmilie, forum.title AS forumtitle
,thread.iconid AS threadiconid, iconpath AS threadiconpath
, NOT ISNULL(subscribethread.subscribethreadid) AS subscribed
FROM thread AS thread
LEFT JOIN forum AS forum USING (forumid)
LEFT JOIN post AS post ON (post.postid = thread.firstpostid)
LEFT JOIN icon USING (iconid)
LEFT JOIN subscribethread AS subscribethread ON (subscribethread.threadid = thread.threadid AND subscribethread.userid = '1')
LEFT JOIN deletionlog AS deletionlog ON (thread.threadid = deletionlog.primaryid AND type = 'thread')
WHERE thread.threadid IN(4363,4302,4290,4127,4122,4075,4071,4069,4068,4018)
GROUP BY post.postid
ORDER BY sticky DESC,thread.dateline DESC
LIMIT 10;
MySQL Error : Got error 28 from storage engine
Error Number : 1030
Date : Friday, April 7th 2006 @ 07:34:36 AM
Script : http://www.securitylabs.gr/
Referrer :
IP Address :
Username :
Classname :
Any ideas on how to fix it?
Is a template re-installation going to fix it?
The board is working greatly, I guess everything may have been done using some kind of vulnerability in VBA's code..
:)
:)
The good news is that the added page /forum/modules/index.htm appears (i just deleted it) only by direct hit. If now you visit the first page (based in vBAdvanced 2.0.0) you will get this error:
Database error in vBulletin 3.5.2:
Invalid SQL:
SELECT
thread.threadid, post.title, thread.replycount, postusername, postuserid, thread.dateline AS postdateline, thread.lastposter, thread.lastpost, IF(views<=thread.replycount, thread.replycount+1, views) AS views, thread.forumid, post.postid, pagetext, allowsmilie, forum.title AS forumtitle
,thread.iconid AS threadiconid, iconpath AS threadiconpath
, NOT ISNULL(subscribethread.subscribethreadid) AS subscribed
FROM thread AS thread
LEFT JOIN forum AS forum USING (forumid)
LEFT JOIN post AS post ON (post.postid = thread.firstpostid)
LEFT JOIN icon USING (iconid)
LEFT JOIN subscribethread AS subscribethread ON (subscribethread.threadid = thread.threadid AND subscribethread.userid = '1')
LEFT JOIN deletionlog AS deletionlog ON (thread.threadid = deletionlog.primaryid AND type = 'thread')
WHERE thread.threadid IN(4363,4302,4290,4127,4122,4075,4071,4069,4068,4018)
GROUP BY post.postid
ORDER BY sticky DESC,thread.dateline DESC
LIMIT 10;
MySQL Error : Got error 28 from storage engine
Error Number : 1030
Date : Friday, April 7th 2006 @ 07:34:36 AM
Script : http://www.securitylabs.gr/
Referrer :
IP Address :
Username :
Classname :
Any ideas on how to fix it?
Is a template re-installation going to fix it?
The board is working greatly, I guess everything may have been done using some kind of vulnerability in VBA's code..
:)
:)