HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

help glitch or hacker

_help I was on my website when the page suddenly started saying (the page says lol rekt) my website is sbforums.esy.es actually I can go in it by mobile but not on computer plz help as fast as possible

Comments

  • R_JR_J Ex-Fanboy Munich Admin

    Seems to have something to do with the tagging plugin. Try to disable it.


  • vrijvlindervrijvlinder Papillon-Sauvage MVP
    edited July 2016

    I took another look at your files for your forum and fixed it again. The default theme had something wrong with it . It looks like the only themes that work are the ones I made.. very odd.

    There might have been something hacked because that popup was not normal and it came from the default theme. Not sure what you did.

    It works again, please enable plugins one by one and test each one to see if any of them were the cause of your problems..

    Something is not allowing themes that use default.master.tpl to work… Only themes that use a default,master.php work on your forum. I do not know what could be causing this.

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    Upon some research I have found this

    http://stackoverflow.com/questions/1932556/smarty-outputs-blank-page

    http://www.smarty.net/forums/viewtopic.php?p=83590

    I replaced all your files for the forum. I have no more time to check things but I hope later to be able to test more.

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    @RedWulf

    You should also know that your User Name is not working because you are using characters like /// and \\ in your name and they are not the proper html so it's not being recognized and makes the link to your profile throw a 404 not found. This name does not work //RedWulf\ //:OWNER:\ you need to just Use RedWulfOWNER with out the slashes...

  • @vrijvlinder said:
    @RedWulf

    You should also know that your User Name is not working because you are using characters like /// and \\ in your name and they are not the proper html so it's not being recognized and makes the link to your profile throw a 404 not found. This name does not work //RedWulf\ //:OWNER:\ you need to just Use RedWulfOWNER with out the slashes...

    Ok thank you once again vr im gonna look at that stack and remember those

  • @vrijvlinder said:
    @RedWulf

    You should also know that your User Name is not working because you are using characters like /// and \\ in your name and they are not the proper html so it's not being recognized and makes the link to your profile throw a 404 not found. This name does not work //RedWulf\ //:OWNER:\ you need to just Use RedWulfOWNER with out the slashes...

    I enables plugins and The lol rekt started again pls help

  • whu606whu606 I'm not a SuperHero; I just like wearing tights... MVP
    edited August 2016

    Disable all plugins.

    Enable one at a time to find the problem one.

    When you know which one it is, it would be worth posting a question in the relevant plugin page, in case it has a security vulnerability.

  • vrijvlindervrijvlinder Papillon-Sauvage MVP
    edited August 2016

    @RedWulf

    Please make me an admin account at your forum and send me the login instructions via private message.

    I fixed it again but from ftp I can't see what is inputed in the fields. Don't turn anymore plugins on until I see what is entered that is causing this issue.

    I think someone entered some code into a tag or other , maliciously. This user according to R_J needs to be banned and his content deleted.

    And you should ban that user: http://sbforums.esy.es/forum/profile/16/JamesDoh7

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    Ok , I fixed your forum again and got rid of the bad tags that had a script… hmm very bad that people would exploit your forum. Don't trust people … no one other than yourself or people like us that have Ethics. In other words , will do no harm.

    I think my theme and the banner image I made for you works well for now since you are building your community … keep it that way until you learn how to fix problems you encounter with other themes or plugins.

    Yo te ayudo si me ayudas, ok ? :)

  • vrijvlindervrijvlinder Papillon-Sauvage MVP
    edited August 2016

    @River said:
    how did they enter a script into the tag??? what was the vulnerability? did you >burn the evidence?

    There was a vulnerability where the text entered into the tag was not being stripped of non htmlcharacters…

    R_J gave me the code to patch the vulnerability for them. And said he reported it.

    There were 3 tags with <script> in them. I deleted them and deleted the one who posted them and any content they had. The tags can be seen in the dashboard.

    I would avoid using the tagging plugin until it is fixed.

    River
  • RiverRiver MVP
    edited August 2016

    I don't think anyone will see this info about not using tagging plugin :)

    Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    @River said:
    I don't think anyone will see this info about not using tagging plugin :)

    It was reported and I am sure they are working on it and are aware, I would post the fix here if anyone has the same issues.. but announcing that there is a problem on a discussion may bring unwanted people to test out how bad they can fckup some poor person's forum.

    I would wait until others have the same issue. This could have been an isolated incident, due to their installation being totally wrong and I had to upload all the files again to make sure it was working again.

    I try not to get involved in these kinds of issues with staff, I am terrible about reporting , coz I'm incompetent from lack of practice , those issues I reported are very low in the totem pole of their priorities. So hopefully they will fix this pronto for everyone.

  • RiverRiver MVP
    edited August 2016

    @RedWulf said:
    _help I was on my website when the page suddenly started saying (the page says lol rekt) my website is sbforums.esy.es actually I can go in it by mobile but not on computer plz help as fast as possible

    @r_j said: Seems to have something to do with the tagging plugin. Try to disable it.

    In addition to tagging plugin, disable profileextender plugin as well.

    also change your admin passwords, it is a good idea to do this especially after patching and fixing things after an exploit is used to compromise your site

    disclosed to linc via pm.

    @vrijvlinder said: So hopefully they will fix this pronto for everyone.

    keep your fingers crossed.

    Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.

    vrijvlinder
  • vrijvlindervrijvlinder Papillon-Sauvage MVP
    edited August 2016
  • data66data66
    edited August 2016

    Would anyone please pm me a link to the vulnerability fix? As 2.3 is still in the cooker, and I don't think a release would be made right now, I would appreciate a pm for the fix if possible. :) I need tags to work without issues if possible.

  • RiverRiver MVP
    edited August 2016

    @data66 compare enhanced tags plugin https://vanillaforums.org/addon/tagging-plugin with the staff plugin regarding panel. the much older enhanced plugin in the add-ons has the vulnerability corrected (although other aspects may not work).

    If you are a patient we should expect a release soon to correct this vulnerability for thousands of users.

    or the better option if you are impatient may be to replace with master which also doesn't have vulnerability at least doesn't appear to looking at the code, I don't use tagging.

    https://github.com/vanilla/vanilla/blob/master/plugins/Tagging/class.tagmodule.php

    fwiw - the master is not vulnerable, and both 2.3b1 and 2.2.1 are vulnerable with regards to above issues reported.

    Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.

    data66vrijvlinder
  • vrijvlindervrijvlinder Papillon-Sauvage MVP
            TagFullName($Tag).' '.Wrap(number_format($Tag['CountDiscussions']), 'span', array('class' => 'Count')),//this name is not stripped from non html characters= BAD shit will happen
    
    
        htmlspecialchars(TagFullName($Tag)).' '.Wrap(number_format($Tag['CountDiscussions']), 'span', array('class' => 'Count')),//this name only accepts html characters no bad shit will happen
    
    data66
  • RiverRiver MVP
    edited August 2016

    Be careful using debugger plugin (it can increase your vulnerabilities if you don't pay attention) not to be confused with the debug config statement.

    Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.

    vrijvlinderdata66
Sign In or Register to comment.