
vpsBoard downtime announcement

MannDude

Just a dude
vpsBoard Founder
Moderator
There was a nasty IPB 0-day released to the wild; as such, vpsBoard was taken offline as a precautionary measure. While there is no patch available yet, deleting ipsconnect.php should have fixed the issue.

I want to thank @Francisco for alerting me of this as it came to his attention very shortly after it was released. IPBoard wasn't even aware the exploit was out there until I had ticketed them to request why they haven't warned their members on their community forums yet.

Anyhow, we're back. :)
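
Added example, not part of the original thread: a log triage a board operator could run after removing ipsconnect.php. It lists clients whose requests for the file were served before removal, and any later request that did not return 404 or 410. The log lines, paths, addresses and removal time are constructed, and matching is by file name only because the thread does not give the path.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Combined Log Format fields used here: client, timestamp, request, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: documentation-range addresses, made-up paths and times.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "POST /board/ipsconnect.php HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [01/Jan/2020:10:00:05 +0000] "GET /board/ipsconnect.php?probe=1 HTTP/1.1" 200 87 "-" "-"',
    '198.51.100.7 - - [01/Jan/2020:10:05:00 +0000] "GET /board/index.php HTTP/1.1" 200 9000 "-" "-"',
    '198.51.100.7 - - [01/Jan/2020:12:30:00 +0000] "POST /board/ipsconnect.php HTTP/1.1" 404 0 "-" "-"',
    '203.0.113.5 - - [01/Jan/2020:12:45:00 +0000] "POST /old/ipsconnect.php HTTP/1.1" 200 512 "-" "-"',
]
REMOVED_AT = datetime(2020, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed

def triage(lines, removed_at, filename="ipsconnect.php"):
    """Return (review, still_served).
    review: client -> served requests for `filename` before removal.
    still_served: requests after removal answered with anything but 404/410,
    meaning the file (or another copy of it) is still reachable."""
    review = defaultdict(list)
    still_served = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        path = m["target"].split("?", 1)[0]
        if path.rsplit("/", 1)[-1].lower() != filename:
            continue  # some other resource
        when = datetime.strptime(m["ts"], TS_FMT)
        status = int(m["status"])
        if when < removed_at:
            if status < 400:
                review[m["ip"]].append((when, m["method"], status))
        elif status not in (404, 410):
            still_served.append((m["ip"], when, status))
    return dict(review), still_served

if __name__ == "__main__":
    review, still = triage(SAMPLE, REMOVED_AT)
    for ip, hits in review.items():
        print(f"review {ip}: {len(hits)} served request(s) before removal")
    for ip, when, status in still:
        print(f"still reachable: {ip} got {status} at {when.isoformat()}")
```
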
 

D. Strout

Resident IPv6 Proponent
> There was a nasty IPB 0-day released to the wild; as such, vpsBoard was taken offline as a precautionary measure. While there is no patch available yet, deleting ipsconnect.php should have fixed the issue.
>
> I want to thank @Francisco for alerting me of this as it came to his attention very shortly after it was released. IPBoard wasn't even aware the exploit was out there until I had ticketed them to request why they haven't warned their members on their community forums yet.
>
> Anyhow, we're back. :)

What does (did) ipsconnect.php do?
 

raindog308

vpsBoard Premium Member
Moderator
ipsconnect allows multiple sites to share one login.  I think you can even federate to other boards.

Invision kind of fumbled this response though.  They say:

"It has been brought to our attention that certain PHP configurations allow for a potential SQL injection vulnerability. Although this exploit requires some knowledge of your configuration and for certain files to be web-readable, we felt it important to release an update."

However, I ran the exploit against my IPB and it injected SQL just fine - no "knowledge" was needed other than the URL.
 

k0nsl

Bad Goy
Didn't IP.Board also delete your topic? Perhaps out of concern for hatching an idea as to what/how to fix the issue, though... so in that respect I could understand them. A little.
 

drmike

100% Tier-1 Gogent
> Didn't IP.Board also delete your topic? Perhaps out of concern for hatching an idea as to what/how to fix the issue, though... so in that respect I could understand them. A little.

Yeah they did that.

Boo MFers.  Waaa don't show the masses our exploited asses.
 