
vBulletin Zero-Day Used to Hack Official vBulletin Website and Foxit Software

Discussion in 'BlackHat Lounge' started by No.RuleZ, Nov 3, 2015.

  1. No.RuleZ


    Jul 23, 2010
    It appears that a zero-day vulnerability in the vBulletin forum package allowed an Egyptian hacker to breach the official vBulletin website and the forums of Foxit Software, which was using vBulletin for its forum section.

    The hacker is Mohamed Osama who, as soon as he pulled off the attack, started bragging to https://twitter.com/Cyber_War_News on Twitter.

    Osama, who also goes by the nickname of Coldroot, went so far as to create a YouTube video of him while hacking vBulletin.com, posting photos on his Facebook profile, and http://www.databreaches.net/vbulletin-foxit-software-forums-hacked-by-coldzer0-hundreds-of-thousands-of-users-info-stolen/ to @Cyber_War_News of the data he acquired in the hack. His YouTube and Facebook posts were eventually deleted.

    Egyptian hacker Coldroot claims responsibility

    https://www.linkedin.com/in/coldzer0 reveals he's a Senior Programmer at Orbit Shield in Dubai, and ironically lists "Cracking" and "Ethical Hacking" as some of his skills.

    According to visual evidence that @Cyber_War_News acquired, the hacker managed to break into vBulletin's infrastructure, upload a shell and exfiltrate the company's customer database.

    A sample of the database that @Cyber_War_News received confirms that the data contained user IDs, names, email addresses, security questions, their answers, and password salts.

    Despite the hacker claiming his intrusion went unnoticed, the breach was detected and discussed by the company towards the end of the past week. At one point, the vBulletin website was put offline for maintenance and continues to be down at the time of this article.

    Before going offline, vBulletin's forum stats page listed around 345,000 users. We have contacted the company for a statement.

    Foxit Software also hacked, with the same vBulletin exploit

    But the bad news doesn't end here. According to the same @Cyber_War_News, after breaching the vBulletin.com website, Coldroot then moved on to the forums of Foxit Software, a company specialized in producing desktop applications.

    Foxit was running vBulletin's forum package, and the hacker said he used the same zero-day bug to breach their database, stealing data for around 260,000 customer accounts. Foxit Software forum's statistics section lists over 535,000 accounts.

    The hacker claims that the entire Foxit hack took him only two days. We have also reached out to Foxit Software for comment. We will update this article as soon as new information becomes available.


  2. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Mar 21, 2013
    So long, vBulletin. You've had your glory. It's dead now, version 5 doesn't work, the company was divided, there's conflict everywhere and now this. Buying VB5 was money in the garbage for me. XenForo wins 10 to 1.