I want answers and I want them now. This is completely and utterly ridiculous. Absurd. A complete farce.
Never have I ever been so concern than I was two days ago. After watching this ridiculous security flaw unfold, and talking it over with Chronos, he made a strong point. HOW THE !@#$%& DO YOU SCREW UP A STABLE PLATFORM LIKE VBULLETIN 3.8?!?!!
We’ve had our fair share of vulnerabilities when vBulletin was under Jelsoft. They varied from Cross Site Request Forgeries, Cross Site Scripting Vulnerabilities and SQL Injections. NEVER EVER had I ever seen a vulnerability as bad as the one introduced by Internet Brands. A vulnerability that could potentially expose your SQL Username, SQL Password, SQL Server and SQL Port information? My God!
Vulnerabilities were at least contained strictly to the application itself, but now it has completely spread beyond the application and allowing script kiddies direct access into people’s database server.
I find that extremely unsettling. To err is human, to screw up a stable version of vBulletin requires Internet Brands.