Jump to content
Igor Savkic

Possible security issue on this forum

Recommended Posts

I'm using Firefox and each time I visit this forum I'm prompted to enter credentials for accessing virteq.com site (see attachment).

 

I see it's being used as some skinning solution so it's not essential, I think it should be removed since their site could be compromised (this authentication prompt is not normal behaviour).

post-1741-0-57697300-1489724667_thumb.jpg

Share this post


Link to post
Share on other sites

this script http://forums.smartmobilestudio.com/public/style_images/Bulletin/ips.mcr.js

inject some ofending HTML code into the DIV 'mcr-root-container'

<h3>Skin By Virteq</h3>
<div class='ipsBox_container ipsPad'>
  <div style='display: inline-block; margin-left: 2em; margin-right: 10px; vertical-align: top'>
<a href='http://virteq.com/'>
 <img style='height: 80px; width: 80px;' src='http://virteq.com/profile_picture.png' />
</a>
  </div>
  <div style='display: inline-block; margin-left: 2em'>We at 
  <strong>
<a href='http://virteq.com/'>Virteq</a>
  </strong> Would like to thank you for purchasing our product.
  <br />It's because of you we're able to continue making awesome skins.
  <br />Best Regards,
  <br />
  <br />Virteq LLC</div>
</div>

When the code is injected, there is a reference to a protected resource "http://virteq.com/profile_picture.png"they probably protect this resource, and asking the basic authentication. chrome will ignore but FF will ask the credentials to load this image. 

 

Injecting code is very suspicious, could redirect a user to specific place and steal some data. This is an ofending code for me.

 

 

 

Share this post


Link to post
Share on other sites

FYI:

 

As you see in the footer of the Forum, Virteq is simply the provider of the IPB Skin templated we used for the site.

 

We are looking into the issue, but the work requires a bit more job than first anticipated. We need to update the whole board to v4, as v3.x is no longer supported.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×