-
phpBB Security
I was browsing through a huge list of Forum packages and came across one that appealed to me the most.
Are there any security flaws or exploits in phpBB 2.04 that I need to concern myself with, and how would I test these flaws and exploits to see if they work, and mostly, how do I fix them?
-
I didn't really look these over but I'm sure there are some exploits.
http://www.google.com/search?hl=en&i...=Google+Search
Also, I would recommend upgrading to phpBB 2.0.6 and just keep a watch on their site for patches and updates.
Someone else will probably be able to help more on the security but if you keep it up to date that is a start.
-
You could check the site; I'm sure they have known bugs. Maybe even ask other users who use it. There is never any way of knowing every bug in software.
-
phpBB 2.0.6 and earlier has three security vulnerabilities:
BID-8570: XSS -> phpBB 2.0.6 and earlier
CAN-2003-0486: SQL Injection -> phpBB 2.0.4
BID-7932: Script Injection -> phpBB 2.0.0-2.0.4
There are workarounds available for all of these vulnerabilities. The most serious are CAN-2003-0486, which would allow an attacker to steal the hash of the password for the admin user, and BID-7932, which allows an attacker to run arbitrary code.
-
That is a pretty good attempt at helping me, but I have no C compiler handy to really test phpBB out with its exploits. I think I'll switch to 2.0.6.
Thanks guys :)
-
If you need a C compiler, try Bloodshed. It's free. Find it at www.downlaod.com