It’s a known fact I share a hatred for the vBulletin modification communities that sell their addons. The company I hate most of all is vBCover, who create and sell their overpriced and bloated addons, and also scam their customers. I have found another problem with their addons today; several addons are backdoored.
The product in question is cmsMagick but I have no doubt that other vBCover products contain similar backdoors.
The backdoor is not a standard backdoor, such as one that could spawn a shell however. The backdoors I found were ones that had the ability to delete tables within the database and cause a site using certain modifications to break.
In an effort to hide the backdoored code, the products are ionCubed, however using a publically-available decoder it is possible to see where the backdoors are.
By executing a request to the website in question using the parameters vbnews.php?do=control&licenseinfo=———–censored———–&table=user someone who has access to the correct license info (ie. the owner of vBCover, Lionel Martelly) would be able to delete the entire contents of the „user“ table.
This does not indicate much as an attacker MUST have the right code in order to delete the contents of a table; however the one person who DOES have access to said codes who is not the license owner is Lionel Martelly, who dislikes his clients to such an extent he will not provide any support to them if they create two or more support tickets and willingly backdoors their products.
I strongly suggest that all users using any of vBCover’s products immediately remove all the vBCover product files from their servers.
Source : p0wersurge.com