phpBB Security

  1. #1
    Member
    Join Date
    Jul 2003
    Posts
    35

    phpBB Security

    I was browsing through a huge list of Forum packages and came across one that appealed to me the most.
    Are there any security flaws or exploits in phpBB 2.04 that I need to concern myself with, and how would I test these flaws and exploits to see if they work, and mostly, how do I fix them?
    TinFoilHat Linux O.o who needs more?

  2. #2
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I didn't really look these over but I'm sure there are some exploits.
    http://www.google.com/search?hl=en&i...=Google+Search

    Also, I would recommend upgrading to phpBB 2.0.6 and just keep a watch on their site for patches and updates.
    Someone else will probably be able to help more on the security but if you keep it up to date that is a start.

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    220
    You could check the site; I'm sure they have known bugs. Maybe even ask other users who use it. There is never any way of knowing every bug in software.
    And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

  4. #4
    Senior Member
    Join Date
    Feb 2003
    Posts
    109
    phpBB 2.0.6 and earlier has three security vulnerabilities:

    BID-8570: XSS -> phpBB 2.0.6 and earlier
    CAN-2003-0486: SQL Injection -> phpBB 2.0.4
    BID-7932: Script Injection -> phpBB 2.0.0-2.0.4

    There are workarounds available for all of these vulnerabilities. The most serious are CAN-2003-0486, which would allow an attacker to steal the hash of the password for the admin user, and BID-7932, which allows an attacker to run arbitrary code.
    $person!=$kiddie or die("Alas, die you hotmail hacker!!");
    SecureVision

  5. #5
    Member
    Join Date
    Jul 2003
    Posts
    35
    That is a pretty good attempt at helping me, but I have no C compiler handy to really test phpBB out with its exploits. I think I'll switch to 2.0.6.
    Thanks guys
    TinFoilHat Linux O.o who needs more?

  6. #6
    Senior Member
    Join Date
    Jan 2003
    Posts
    220
    If you need a C compiler, try Bloodshed. It's free. Find it at www.downlaod.com
    And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...
