xss injection question

**dascrow** · 12-11-2009 11:07 AM

Anyone else seen this thread?

Iframe MYSQL Injection (http://centiyo.com/in.cgi?default)

Looks like we had it happen on one of our sites today... and we are running 3.8.4pl1 on that site as well with the latest vbseo so upgrading is not an option.

Anyone else?

VBSEO? I just opened a ticket.

**Mert Gökçeimam** · 12-11-2009 11:11 AM

Hello ,

I responded to your ticket

**dascrow** · 12-11-2009 11:13 AM

What about anyone else out there?

**Juan Muriente** · 12-11-2009 11:55 AM

Hello Dascrow,

There is no evidence that this is a hole with vBSEO, therefore, I'll update the title of this thread as to not create anxiety among community members.

If we determine it's something related to vBSEO, we'll definitely make sure everyone gets notified.

Thank-you

**Dunhamzzz** · 12-11-2009 01:39 PM

To repost what I put in that thread; (hope this is ok with the vbseo guys)

3.3.2 was a patchreleased on November the 18th to fix a security loophole. Why you haven't updated yet is beyond me.

I literally applied it within minutes of getting the email.

Sounds like your own fault for not keeping on top of things.

**Juan Muriente** · 12-11-2009 02:03 PM

Originally Posted by Dunhamzzz

To repost what I put in that thread; (hope this is ok with the vbseo guys)

Thank-you Matthew, however I've based my post on the information gathered via the support ticket Dascrow has opened. I simply changed the post title as there is no evidence that his site exploit was caused by a hole in vBSEO.

**dascrow** · 12-11-2009 02:52 PM

Originally Posted by Dunhamzzz

To repost what I put in that thread; (hope this is ok with the vbseo guys)

And also, as mentioned in that other thread, this is a new site and as such had 3.3.2 on it from day 1. So your post is obviously invalid in my case.

So, either they got in via another method or vbseo is still vulnerable. It is impossible for me to tell what method was used at this time.

xss injection question

LinkBack

Thread Tools

Display