If you currently use an older version of vBulletin on your website, you might be opening up your site to an attack as some serious security vulnerabilities, which allows hackers to access your hosting admin panel.
Two Indian Hackers, going by virtual name Ne0-h4ck3r & Google-warri0r has developed an exploit of known vBulletin vulnerability, that can be used to add a user remotely to vBulletin customer panel with admin privileges.
According to Hackers, vBulletin versions 4.x.x.x are affected to their exploit. It isn't quite clear the extent of the exploit, however, hundreds of major websites on vBulletin have been reported to be affected.
Here's a list of some domains that have been used so far in this attack:
- https://usasexguide.info/
- https://www.desironak.com/
- https://www.pakistanipoint.com
- https://www.cssexam.com/forum.php
- https://www.bankers.pk/
- https://voiceofkarachi.com/
- https://www.pakguns.com/
Hackers targeting Pakistani forums, as well as some USA based forums also i.e. Below you can see the database from usasexguide.info forum having thousands of registered users, was hacked by team recently.
vBulletin users are advised to upgrade to the latest version to fix the issue.
vBulletin users are advised to upgrade to the latest version to fix the issue.
