Jump to content
Login new information ×
Login new information

vBulletin Zero-Day Used to Hack Official vBulletin Website and Foxit Software

Karamjit

By Karamjit
in Security & Privacy News

Recommended Posts

Karamjit

Karamjit

Posted
Posted
Hacker Coldroot claims responsibility for the attack

It appears that a zero-day vulnerability in the vBulletin forum package allowed an Egyptian hacker to breach the official vBulletin website and the forums of Foxit Software, which was using vBulletin for its forum section.

The hacker is Mohamed Osama who, as soon as he pulled off the attack, started bragging to @Cyber_War_News on Twitter.

Osama, who also goes by the nickname of Coldroot, went on so far to create a YouTube video of him while hacking vBulletin.com, posting photos on his Facebook profile, and even send images to @Cyber_War_News of the data he acquired in the hack. His YouTube and Facebook posts were eventually deleted.

Egyptian hacker Coldroot claims responsibility

Osama's LinkedIn profile reveals he's a Senior Programmer at Orbit Shield in Dubai, and ironically lists "Cracking" and "Ethical Hacking" as some of his skills.

According to visual evidence that @Cyber_War_News acquired, the hacker managed to break into vBulletin's infrastructure, upload a shell and exfiltrate the company's customer database.

A sample of the database that @Cyber_War_News received confirms that the data contained user IDs, names, email addresses, security questions, their answers, and password salts.

Despite the hacker claiming his intrusion went unnoticed, the breach was detected and discussed by the company towards the end of the past week. At one point, the vBulletin website was put offline for maintenance and continues to be down at the time of this article.

Before going offline, vBulletin's forum stats page listed around 345,000 users. We have contacted the company for a statement.

Foxit Software also hacked, with the same vBulletin exploit

But the bad news doesn't end here. According to the same @Cyber_War_News, after breaching the vBulletin.com website, Coldroot then moved on to the forums of Foxit Software, a company specialized in producing desktop applications.

Foxit was running vBulletin's forum package, and the hacker said he used the same zero-day bug to breach their database, stealing data for around 260,000 customer accounts. Foxit Software forum's statistics section lists over 535,000 accounts.

The hacker claims that the entire Foxit hack took him only two days. We have also reached out to Foxit Software for comment. We will update this article as soon as new information becomes available.

From

Link to comment
Share on other sites
  • Replies 2
  • Views 608
  • Created
  • Last Reply
Kalju

Kalju

Posted
Posted

Oh, this is not the only one, complete line of servers is down for a long time, either in full or will not work, for example, ftp.

Just today I discovered, that one of the server where I have a few things to try, it is entirely on the ground, do not know how long it will last.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...