phpBB-TweakS
 
Fri Oct 20, 2006 3:18 am
Author Message
deny
Moderate TweakeR


Joined: 07 Jan 2005
Posts: 53
Words Posted: 4,860
Average Post: 91.70


Post subject: SecurityFocus

I just found this link

http://www.securityfocus.com/bid/20518

posted on 13 October 2006, where someone found a vulnerability in phpBB Security 1.0.1.

Take a look at this quote:

Quote:
phpBB Security is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects version 1.0.1; other versions may also be vulnerable.


http://www.securityfocus.com/bid/20518


It was probably the very first version, where this simple code was forgotten:

Code:
if ( !defined('IN_PHPBB') )
{
   die('Hacking attempt');
   exit;
}

which allows a hacker to exploit it.
I would like to let other members know that there are a lot of hacks where the author forgot to insert the simple code above, which makes their boards vulnerable via those mods.


Last edited by deny on Tue Apr 10, 2007 6:50 am; edited 1 time in total
Post #1
Sun Oct 22, 2006 4:32 am
Author Message
aUsTiN
Webmaster


Usa Georgia

Joined: 05 Jan 2005
Posts: 3684
Words Posted: 144,671
Average Post: 39.27

Location: USA


Code:

   #==== Added Per Techie-Micheal's Suggestion. Thanks!
   if (!defined('IN_PHPBB'))
      die('phpBB Security© Thinks You Should Go Away.');


It is in the file; it was added in 1.0.2 & is also in 1.0.3.

I cannot patch past issues, just release fixes, & as long as people are not using a version from over a year ago, they have no problems.
Post #2
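
Added example (not part of the thread and not code from phpBB Security): a Python audit script that walks a board's directory and flags PHP files that neither define `IN_PHPBB` nor check it, in either of the two forms quoted above, before doing anything else. The file names and sample contents are constructed for illustration, and the verdict labels are this example's own.

```python
import re
import tempfile
from pathlib import Path

# Both guard styles quoted in the thread (with and without inner spaces).
GUARD = re.compile(r"""if\s*\(\s*!\s*defined\s*\(\s*['"]IN_PHPBB['"]\s*\)\s*\)""")
# Entry scripts define the constant themselves instead of checking it.
DEFINE = re.compile(r"""\bdefine\s*\(\s*['"]IN_PHPBB['"]\s*,""")
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b")
# Heuristic comment stripper, so a commented-out guard does not count.
COMMENT = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)

def classify(source: str) -> str:
    code = COMMENT.sub("", source)
    if DEFINE.search(code):
        return "entry"
    guard = GUARD.search(code)
    # The check only helps if it stops execution (die/exit) right away.
    if not guard or not re.match(r"\s*\{?\s*(?:die|exit)\b", code[guard.end():]):
        return "unguarded"
    first_include = INCLUDE.search(code)
    if first_include and first_include.start() < guard.start():
        return "late-guard"  # other files were pulled in before the check
    return "guarded"

def audit(root: Path) -> dict:
    # Relative path -> verdict for every .php file that needs review.
    files = sorted(root.rglob("*.php"))
    verdicts = {f.relative_to(root).as_posix(): classify(f.read_text(encoding="latin-1")) for f in files}
    return {name: v for name, v in verdicts.items() if v not in ("entry", "guarded")}

# Constructed sample tree (hypothetical file names, not from any real mod).
SAMPLES = {
    "index.php": "<?php\ndefine('IN_PHPBB', true);\n",
    "includes/braces.php": "<?php\nif ( !defined('IN_PHPBB') )\n{\n   die('Hacking attempt');\n   exit;\n}\n",
    "includes/inline.php": "<?php\n#==== note\nif (!defined('IN_PHPBB'))\n   die('Go away.');\n",
    "includes/commented.php": "<?php\n// if (!defined('IN_PHPBB')) die();\n$loaded = true;\n",
    "includes/late.php": "<?php\ninclude('lang.php');\nif (!defined('IN_PHPBB')) die('Hacking attempt');\n",
}

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLES.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return audit(Path(tmp))

if __name__ == "__main__":
    print(demo())
```

Point `audit()` at the board's root directory after installing a mod; the verdicts are regex heuristics, so each flagged file still needs a manual look.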