hacked by sacred-hacks? - HSN forum



3 replies to this topic

#1 d2vid

    Showing Improvement

  • Members
  • 40 posts
  • Location:Very Dark Side of the Internet
  • Interests:Computers, Graphics, vBulletin, PHP, Hacking, Web scripts, Maths, and more...
  • Gender:Male

Posted 12 January 2007 - 07:29 AM

lol... u should use vbulletin ;]
"Imagination is more important than knowledge"
---------------------------------------------
Going to Uni next year!

#2 Scott

    Fully Fledged Genius

  • Members
  • 1,793 posts
  • Location:Dalkeith/Edinburgh
  • Interests:Music, guitar, computing, football (I'm a Killie fan), hanging out with my friends, drinking, girls, playing pool, reading and watching TV and DVDs. I'm currently at Edinburgh University in my 2nd year of Computer Science.
  • Gender:Male

Posted 12 January 2007 - 10:10 AM

QUOTE(d2vid @ Jan 12 2007, 07:29 AM)
lol... u should use vbulletin ;]


vBulletin and all other boards are just as vulnerable to XSS attacks as IPB is. Go look at vB releases and there are a lot of upgrades to combat XSS flaws, just like IPB has. It's hundreds of thousands of lines of PHP so obviously a small slip and things like this happen.

Also note that the reason this has happened is that the board is running 2.1.5, which is not the latest version of the 2.1.x series. George and Steve are really busy guys so keeping up to date with board releases and taking the time to do it must be lower on their priority list (they are in 3rd year of uni after all).

Believe me, throwing money into vBulletin and not upgrading the board when you should - It'll get hacked just as it has today.


#3 d2vid


Posted 12 January 2007 - 11:11 AM

Yeah, I know that.. however there are many more bugs for IPB than for vB.. that's why I am advising that.

I did hack IPB a few times (just exploits).. and it's not hard.

As far as I know there are only 2 XSS vulns for vBulletin (and it is for version 3.6.3 (newest is 3.6.4)), whereas on IPB there are many more ;]

I tested the newest version of IPB (2.2.1) and it was much slower than vBulletin.. and also there are two vulns for the newest IPB that actually need some functions to be on/off or need some actions from the administrator, however they are dangerous..
And as I can see now.. lots of boards do migrate to vBulletin, as scriptkiddies 'hacked' their IPB board ;]

Of course nothing is 100% secure.. but there are more & less vulnerable scripts ;)

#4 Scott


Posted 14 January 2007 - 07:42 PM

There are 2 vulnerabilities for the newest IPB? Where exactly? Neither Matt nor Brandon has issued a security release for any vulnerability in 2.2.1. In fact, in the time I spent at IPS most of the issues raised by script kiddies were in fact lies. There are 2 vulnerabilities for vB 3.6.3 and supposedly 2 for IPB - Ermm, that doesn't sound like "many more". ;)

Sure, there are more and less vulnerable scripts out there. I know of no better coders than Matt or Brandon and I know that they are always right on top of security releases. They don't make silly mistakes. In fact, a few of the recent exploits have been with PHP itself (There was a major issue in preg_replace() if I recall correctly).

All bulletin board exploits aren't too difficult to take advantage of because most of them suffer the same security issues with regards to XSS - Poorly checked input, no intval() checking, not checking cookies etc.

vBulletin only has a speed advantage in the case of there being roughly many thousands of members constantly browsing a board. IPB has always been far faster in benchmarks for normal boards and it is also doing well in big board categories (Neowin etc.). HSN has a maximum of about 75 users on at one time so it doesn't need to worry about excessive load times.
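
The input-handling gaps named in the last post (poorly checked input, no intval() checking, unchecked cookies), shown beside hardened equivalents. This is an added example, not part of the original thread and not IPB or vBulletin code; the parameter names `t` and `hl`, the cookie name `member`, the key and all function names are hypothetical.

```php
<?php
// Added illustration, not IPB or vBulletin code. All names are hypothetical.

// Weak pattern: request values reach SQL and HTML unchanged.
function render_weak(array $get): string {
    $sql = 'SELECT title FROM topics WHERE tid = ' . $get['t'];
    return $sql . "\n" . '<p>Results for ' . $get['hl'] . '</p>';
}

// Numeric parameter: intval('42abc') yields 42, which coerces rather than
// rejects, so validate strictly and refuse anything that is not an integer.
function topic_id(array $get): ?int {
    $id = filter_var($get['t'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return is_int($id) ? $id : null;
}

// Cookie: accept "id:mac" only when the MAC matches a server-side key.
function member_from_cookie(array $cookie, string $key): ?int {
    $raw = $cookie['member'] ?? '';
    if (!is_string($raw)) {
        return null;
    }
    $parts = explode(':', $raw, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    $expected = hash_hmac('sha256', $parts[0], $key);
    return hash_equals($expected, $parts[1]) ? (int) $parts[0] : null;
}

// Output: encode every request-derived string at the point it enters HTML.
function render_hardened(array $get, array $cookie, string $key): string {
    $tid = topic_id($get);
    if ($tid === null) {
        return 'Invalid topic id';
    }
    $member = member_from_cookie($cookie, $key);
    $who = $member === null ? 'guest' : 'member #' . $member;
    $hl = is_string($get['hl'] ?? null) ? $get['hl'] : '';
    return '<p>Topic ' . $tid . ' for ' . $who . ', highlighting '
         . htmlspecialchars($hl, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Constructed sample requests (not taken from the thread).
$key = 'demo-key-not-a-real-secret';
$cookie = ['member' => '7:' . hash_hmac('sha256', '7', $key)];
echo render_hardened(['t' => '42', 'hl' => '<b>x</b>'], $cookie, $key), "\n";
echo render_hardened(['t' => '42abc'], ['member' => '7:forged'], $key), "\n";
```

The hardened path covers only the three checks the post lists; database access would additionally use parameterised queries rather than string concatenation.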




