Thursday, October 19, 2017
Home / Security / Breaches / vBulletin and Macrumors Hacked by Inj3ct0r Crew

vBulletin and Macrumors Hacked by Inj3ct0r Crew

The Inj3ct0r team has announced today that they breached both Macrumors and the official vBulletin website.

Macrumors is “home to one of the largest Mac-focused forum sites, with over 690,000 members and over 14,300,000 forum posts as of April 2012”.

They stated in a Facebook post they they got access to the database, shelled the server and rooted it.  They were able to do all of this via a critical Zer0-Day vulnerability in vBullletin versions 4.x.x and 5.x.x.

The team also provided screenshots for proof of these claims.

Shell access:

vBulletin-Zero-day-Vulnerability

Vbulletin Database access:

vBulletin-Database-Dump

They are also offering the Zero-day to patch your forum on their website for 7,000 coins, or 7,000 US dollars, you can purchase it here.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Top Massachusetts hospital suffers a data breach

One of the United State’s leading hospitals, Massachusetts General (MGH), has fallen victim to a …