Zacker (posted December 28, 2004): I recommend that you upgrade to phpBB 2.0.11. Your current version makes it rather easy for both hackers and worms to infect your server. The highlight vulnerability, which exists in your forum version, allows worms to execute arbitrary code on your server. You can test it yourself with this Perl script: http://www.securiteam.com/exploits/6W00L0KC0I.html
Duff-e (posted December 28, 2004): shhhh....now they know!!!
FrieChamp (posted December 28, 2004): Yeah, a PM to the admins might have been smarter, thanks for the heads up though!
OL (posted December 28, 2004): I've been hearing about this, although the code looks like it uses Google, and I remember reading that they've fixed it so it can't do that.
D3adlode (posted December 28, 2004): We had this guy over on RUST as well but I didn't realise the problem existed here. He seems to be very dedicated towards his 'job', ta for the info again mate..
Zacker (Author, posted December 28, 2004): Correct, that code uses Google and they have prevented that now. The exploit however is still there. Google was used to find exploitable sites. You can do it manually by doing a search and then using highlight. Through the highlight you can make an SQL injection. You can fix this by removing the URL decoding (at the highlight HTML parsing) in viewtopic.php.
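An added example, not part of the thread and not phpBB's code: a Python model of why removing the extra URL decode on the highlight value matters. It assumes the web stack decodes the query string once and escapes quotes on that value; the function names and sample requests are constructed for illustration.

```python
# Added illustration (not phpBB code): a second URL decode undoes escaping.
import re
from urllib.parse import parse_qs, unquote

def escape_quotes(value: str) -> str:
    """Stand-in for the escaping applied to request parameters (assumption)."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def read_param(query: str, name: str) -> str:
    """Decode the query string once, as the web stack does, then escape."""
    values = parse_qs(query, keep_blank_values=True).get(name, [""])
    return escape_quotes(values[0])

def highlight_with_extra_decode(query: str) -> str:
    """'Before' behaviour: the application URL-decodes the escaped value again."""
    return unquote(read_param(query, "highlight"))

def highlight_fixed(query: str) -> str:
    """'After' behaviour: the extra decode is removed, escaping stays intact."""
    return read_param(query, "highlight")

def has_unescaped_quote(value: str) -> bool:
    """True if a single quote is preceded by an even number of backslashes."""
    return re.search(r"(?<!\\)(?:\\\\)*'", value) is not None

_ENCODED = re.compile(r"%[0-9A-Fa-f]{2}")

def still_encoded(query: str, name: str) -> bool:
    """Log-review check: the parameter still holds %XX after one decode."""
    values = parse_qs(query, keep_blank_values=True).get(name, [""])
    return bool(_ENCODED.search(values[0]))

# Constructed sample requests (query strings only).
SAMPLES = [
    "t=1&highlight=map",          # plain search term
    "t=1&highlight=o%27brien",    # quote encoded once: escaped as expected
    "t=1&highlight=o%2527brien",  # quote encoded twice: survives the escaping
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(q,
              "| quote after extra decode:", has_unescaped_quote(highlight_with_extra_decode(q)),
              "| quote after fix:", has_unescaped_quote(highlight_fixed(q)),
              "| double-encoded:", still_encoded(q, "highlight"))
```

The `still_encoded` check can also be run over access-log query strings to find requests whose highlight value was encoded more than once.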
Section_Ei8ht (posted December 29, 2004): True. A design forum I hang out in was hacked a few weeks ago. Of course we found out the hacker and thus let's just say that reparations have been served... harshly...
Urban (posted December 29, 2004): h4x
Thrik (posted December 29, 2004): Hopefully Mikey backs this forum up! D:
OL (posted December 29, 2004): Hopefully Mikey *reads* this forum! D:
mikezilla (posted December 30, 2004): But of course I do. On it.