Jump to content

Possible security issue on this forum

Recommended Posts

I'm using Firefox and each time I visit this forum I'm prompted to enter credentials for accessing virteq.com site (see attachment).


I see it's being used as some skinning solution so it's not essential, I think it should be removed since their site could be compromised (this authentication prompt is not normal behaviour).


Link to post
Share on other sites

this script http://forums.smartmobilestudio.com/public/style_images/Bulletin/ips.mcr.js

inject some ofending HTML code into the DIV 'mcr-root-container'

<h3>Skin By Virteq</h3>
<div class='ipsBox_container ipsPad'>
  <div style='display: inline-block; margin-left: 2em; margin-right: 10px; vertical-align: top'>
<a href='http://virteq.com/'>
 <img style='height: 80px; width: 80px;' src='http://virteq.com/profile_picture.png' />
  <div style='display: inline-block; margin-left: 2em'>We at 
<a href='http://virteq.com/'>Virteq</a>
  </strong> Would like to thank you for purchasing our product.
  <br />It's because of you we're able to continue making awesome skins.
  <br />Best Regards,
  <br />
  <br />Virteq LLC</div>

When the code is injected, there is a reference to a protected resource "http://virteq.com/profile_picture.png"they probably protect this resource, and asking the basic authentication. chrome will ignore but FF will ask the credentials to load this image. 


Injecting code is very suspicious, could redirect a user to specific place and steal some data. This is an ofending code for me.




Link to post
Share on other sites
  • 3 months later...
  • Administrators



As you see in the footer of the Forum, Virteq is simply the provider of the IPB Skin templated we used for the site.


We are looking into the issue, but the work requires a bit more job than first anticipated. We need to update the whole board to v4, as v3.x is no longer supported.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...