OpenSUSE forums hacked in Another vBulletin attack

This is another worst data breach of the this year, as a Pakistani hacker "H4x0r HuSsY" have hacked and defaced the official forum of "OpenSUS", another developement of  Linux distro. Hacker have managed to add deface page on the server and also information of 79,500 registered users may have been compromised.
The forum was based on popular CMS 'vBulletin', and as same earlier also, hackers have found a zeroday exploit on the version 4.xx - 5.xx of vBulletin. This hack was also the results of the zeroday exploit, but this is different zeroday, hackers told to Thehackernews.

Interesting thing is that, OpenSUSU is still using vBulletin 4.2.1, which is vulnerable to  inject rogue administrator accounts flaw. After the earlier Zeroday attack, vBulletin have released the patched and bug fixed version of its CMS.

Hackers mentioned that, there exploit allows them to upload there php shell on the forum server, which allows him to browse further directory of the server with full privileged. This new exploit is working on the latest version of the vBulletin 5.0.5, and the patch of this exploit is not available yet.

As there are millions of site that use vBulletin CMS. Hackers have not shared any information about there exploit, this means that, they will use there exploit for further more sites also.

At this time, OpenSUSU team have taken down there forum, but you can see the mirror of the hack.

On the blog post, OpenSUSU have confirmed that there database have been breached but none of the users credentials have been leaked.

A cracker managed to exploit a vulnerability in the forum software which made it possible to upload files and gave access to the forum database.