livestyle Posted October 30, 2013 Report Posted October 30, 2013 35,000 websites hacked using an exploit in vBulletin Forum SoftwareAn exploit found in the World’s fourth most popular content management system (CMS) “vBulletin,” which allows a hacker to create an account on the website with administrative privileges, right now over 100,000 websites powered by this software.In August, vBulletin users using version 4.x and 5.x of its software were informed that they needed to remove two directories ( “/install” and “/core/install”) on sites using the system or they would leave themselves open to an unspecified attack.And according to a data security company “Imperva” users didn’t listen up the warning and in result over 35,000 websites running vBulletin have been hacked using this vulnerability.We took a look to the vBulletin website and found Major companies like EA, Zynga, Sony and Steam are listed in their customer section.Imperva writes in its blog:Although vBulletin has not disclosed the root cause of the vulnerability or its impact, the Imperva Application Defense Center (ADC) has determined the attacker’s methods.How an attacker able to create an account with administrator privileges:In the initial analysis, Imperva gone through the warning—vBulletin released in August, a victimized user shared his server’s Apache log over there— providing some visibility into the attacker’s procedure:sursa Hackers News Bulletin - Hacking and Hackers News on one click- The Latest Always Quote
