Portal Forums Calendar Active Threads
Previous Thread
Next Thread
Print Thread
Hop To
Security and 7.5.5
#243040 05/04/2011 10:49 PM
Joined: Jun 2006
Posts: 28
S
Snarf
Offline
newbie
Snarf
newbie
S Offline
Joined: Jun 2006
Posts: 28
Hi all --

Just letting you know that our board was recently compromised by an attacker who seemingly gained Administrator access as a new user. They created a new account, and then somehow through POSTing some variables to the main script appeared to gain Administrator access.

I'm not ruling out a hole in PHP, some sort of other strange configuration error, or password compromise that could have been OUR fault, but thought I'd mention this in case anyone else has observed any problems.

Please send me a PM if you have had a similar recent experience, as I'd like to track down the source of this incident.

Again -- I'm not claiming there is a hole. Just suggesting that if anyone HAS seen strange activity where an outside user gained Administrator access to please mail me.

Thanks
Re: Security and 7.5.5
Snarf #243041 05/05/2011 12:47 AM
Joined: Apr 2007
Posts: 3,940
Likes: 1
SoCal, USA
SD Offline
Former Developer
SD
Former Developer
Offline
Joined: Apr 2007
Posts: 3,940
Likes: 1
SoCal, USA
what data was POSTed? and what was the URL ?

you may want to PM it to me, if you have it smile
Re: Security and 7.5.5
Snarf #243083 05/05/2011 5:11 PM
Joined: Jun 2006
Posts: 28
S
Snarf
Offline
newbie
Snarf
newbie
S Offline
Joined: Jun 2006
Posts: 28
Logs did not track POST variables, so I don't know, which is much of the problem in tracking this down.

He created a new user account.
Used a 2nd browser to POST something to ubbthreads.php 3 times.
Went back to original browser and had Administrator access.

Link Copied to Clipboard
ShoutChat
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
Bots
by Outdoorking - 04/13/2024 5:08 PM
Can you add html to language files?
by Baldeagle - 04/07/2024 2:41 PM
Do I need to rebuild my database?
by Baldeagle - 04/07/2024 2:58 AM
This is not a bug, but a suggestion
by Baldeagle - 04/05/2024 11:25 PM
Is UBB.threads still going?
by Aaron101 - 04/01/2022 8:18 AM
Who's Online Now
2 members (Nightcrawler, Ruben), 524 guests, and 148 robots.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Los Angeles
Los Angeles
by isaac, August 6
3D Creations
3D Creations
by JAISP, December 30
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Forum Rules · Mark All Read Contact Us · Forum Help · UBBCentral
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20230217)