# ioncube vulnerability in loader wizard



## HaitiBrother (Apr 1, 2014)

I was browsing in irc.cryto.net when I stumbled upon a user, who will not be named, who linked to a blog post which contains a local file inclusion vulnerability inside the ionCube loader wizard. Please make sure to remove the ionCube loader wizard from your servers ASAP.

http://zoned.pw/?p=42


----------



## sv01 (Apr 2, 2014)

zoned.pw? owned by curtis??


----------



## HalfEatenPie (Apr 2, 2014)

Zoned.pw links are pretty pointless because they regurgitate other people's findings (and is just a script kiddie trying to act cool).

Here's a more detailed version about this:

http://www.firefart.net/multiple-vulnerabilities-in-ioncube-loader-wizard/

Basically, if you've updated your Ioncube Loader since March 4th, you're fine.


----------



## MartinD (Apr 2, 2014)

So, as per, it's a load of shit over something older than Noah.


----------



## MannDude (Apr 2, 2014)

sv01 said:


> zoned.pw? owned by curtis??


But _not_ to be confused with me, who happens to also be named Curtis.

If I understand correctly, the vulnerability exists if people don't follow the install instructions by removing the install files for the web-based tool? Correct?


----------



## jarland (Apr 2, 2014)

I can't imagine why the loader would be accessible on any server that anyone cares about, and if it is then I imagine you could just as easily compromise them on one of their 50 WordPress plugins that they haven't updated in 6 years.


----------



## DomainBop (Apr 2, 2014)

> one of their 50 WordPress plugins that they haven't updated in 6 years.


I don't believe your bullshit story that the reason you suspended my VPS is because my WordPress got hacked and was being used in a DDoS attack! I've had those 50 plugins on my site for 6 years and I NEVER got hacked before I moved to your hosting company so it's obviously YOUR fault if I got hacked!  You're a scammer for suspending my VPS and I'm going to tell everyone on WHT and LET about it!


----------



## HalfEatenPie (Apr 2, 2014)

DomainBop said:


> I don't believe your bullshit story that the reason you suspended my VPS is because my WordPress got hacked and was being used in a DDoS attack! I've had those 50 plugins on my site for 6 years and I NEVER got hacked before I moved to your hosting company so it's obviously YOUR fault if I got hacked!  You're a scammer for suspending my VPS and I'm going to tell everyone on WHT and LET about it!


Oh geez.

Add Joomla to that list.


----------



## jarland (Apr 2, 2014)

DomainBop said:


> I don't believe your bullshit story that the reason you suspended my VPS is because my WordPress got hacked and was being used in a DDoS attack! I've had those 50 plugins on my site for 6 years and I NEVER got hacked before I moved to your hosting company so it's obviously YOUR fault if I got hacked! You're a scammer for suspending my VPS and I'm going to tell everyone on WHT and LET about it!


Are you spying on my life? Hahaha


----------

