Zacker, posted December 28, 2004
I recommend that you upgrade to phpBB 2.0.11. Your current version makes it rather easy for both hackers and worms to infect your server. The highlight vulnerability, which exists in your forum version, allows worms to execute arbitrary code on your server. You can test it yourself with this Perl script: http://www.securiteam.com/exploits/6W00L0KC0I.html
FrieChamp, posted December 28, 2004
Yea, a PM to the admins might have been smarter, thanks for the heads up though!
OL, posted December 28, 2004
I've been hearing about this, although the code looks like it uses Google and I remember reading that they've fixed it so it can't do that.
D3adlode, posted December 28, 2004
We had this guy over on RUST as well but I didn't realise the problem existed here. He seems to be very dedicated towards his 'job', ta for the info again mate.
Zacker (Author), posted December 28, 2004
Correct, that code uses Google and they have prevented that now. The exploit, however, is still there. Google was used to find exploitable sites. You can do it manually by doing a search and then using highlight. Through the highlight you can make an SQL-injection. You can fix this by removing the URL decoding (at the highlight HTML parsing) in viewtopic.php.
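Added example (not part of any post in this thread and not phpBB code): a log check an admin could run while the upgrade is pending, built on the point above that the problem sits in an extra URL-decoding step for `highlight` in viewtopic.php. It assumes a combined-format access log and treats any `highlight` value that is still percent-encoded after one normal decode as worth reviewing; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed access-log lines (combined log format), not taken from the thread.
SAMPLE_LOG = """\
203.0.113.5 - - [28/Dec/2004:10:01:02 +0000] "GET /viewtopic.php?t=42&highlight=mapping HTTP/1.1" 200 5120
203.0.113.9 - - [28/Dec/2004:10:01:07 +0000] "GET /viewtopic.php?t=42&highlight=%2527x HTTP/1.1" 200 5090
203.0.113.5 - - [28/Dec/2004:10:02:11 +0000] "GET /viewtopic.php?t=7&highlight=level%20design HTTP/1.1" 200 6001
203.0.113.9 - - [28/Dec/2004:10:02:30 +0000] "GET /index.php?highlight=%2527x HTTP/1.1" 200 3000
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
STILL_ENCODED_RE = re.compile(r"%[0-9A-Fa-f]{2}")


def raw_param(query, name):
    """Return the raw (undecoded) value of a query parameter, or None."""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            return value
    return None


def suspicious_highlight(line):
    """True if a viewtopic.php request carries a doubly encoded highlight value."""
    match = REQUEST_RE.search(line)
    if not match:
        return False
    url = urlsplit(match.group(1))
    if not url.path.endswith("/viewtopic.php"):
        return False
    raw = raw_param(url.query, "highlight")
    if raw is None:
        return False
    # Decode once, as the web server / PHP already does for every request.
    once = unquote(raw.replace("+", " "))
    # Anything still percent-encoded here only changes under a second decode.
    return bool(STILL_ENCODED_RE.search(once))


def scan(log_text):
    """Return the log lines that should be reviewed."""
    return [line for line in log_text.splitlines() if suspicious_highlight(line)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A literal percent sign in an ordinary search term also trips this check, so treat hits as leads to review rather than confirmed abuse.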
Section_Ei8ht, posted December 29, 2004
True. A design forum I hang out in was hacked a few weeks ago. Of course we found out the hacker and thus let's just say that reparations have been served... harshly...
Thrik, posted December 29, 2004
Hopefully Mikey backs this forum up! D:
OL, posted December 29, 2004
Hopefully Mikey *reads* this forum! D: