-
October 6th, 2003, 02:09 AM
#1
Member
phpBB Security
I was browsing through a huge list of Forum packages and came across one that appealed to me the most.
Are there any security flaws or exploits in phpBB 2.04 that I need to concern myself with, and how would I test these flaws and exploits to see if they work, and mostly, how do I fix them?
TinFoilHat Linux O.o who needs more?
-
October 6th, 2003, 02:14 AM
#2
I didn't really look these over but I'm sure there are some exploits.
http://www.google.com/search?hl=en&i...=Google+Search
Also, I would recommend upgrading to phpBB 2.0.6 and just keep a watch on their site for patches and updates.
Someone else will probably be able to help more on the security but if you keep it up to date that is a start.
-
October 6th, 2003, 02:18 AM
#3
You could check the site; I'm sure they have known bugs. Maybe even ask other users who use it. There is never any way of knowing every bug in software.
And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...
-
October 6th, 2003, 02:23 AM
#4
phpBB 2.0.6 and earlier has three security vulnerabilities:
- BID-8570: XSS -> phpBB 2.0.6 and earlier
- CAN-2003-0486: SQL Injection -> phpBB 2.0.4
- BID-7932: Script Injection -> phpBB 2.0.0-2.0.4
There are workarounds available for all of these vulnerabilities. The most serious are CAN-2003-0486, which would allow an attacker to steal the hash of the password for the admin user, and BID-7932, which allows an attacker to run arbitrary code.
$person!=$kiddie or die("Alas, die you hotmail hacker!!");
SecureVision
-
October 6th, 2003, 02:43 AM
#5
Member
That is a pretty good attempt at helping me, but I have no C compiler handy to really test phpBB out with its exploits. I think I'll switch to 2.0.6.
Thanks guys
TinFoilHat Linux O.o who needs more?
-
October 6th, 2003, 02:57 AM
#6
If you need a C compiler, try Bloodshed. It's free. Find it at www.downlaod.com
And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...