phpBB EXPLOIT fix ASAP

Peter · 11-19-2004, 03:36 PM

Think this is the best place for this but anyway a bug was found a while back in phpBB and should be fixed ASAP.

The bug itself is to do with the highlighting system all detasils on how to do the fix is located at http://www.phpbb.com/phpBB/viewtopic.php?t=240513 (just 1 file edit)

Question? · 11-19-2004, 03:47 PM

i didnt know phpBB worked off ASP i thought it was php some one help!!!! im being seriouse lol

Peter · 11-19-2004, 07:36 PM

please please tell me where you say im being serious you are not being serious hehe

But on a serious note this looks like a major bug that can cause someone to execute malicious code on the server which could basically do anything included dropping a database or deleting files on the server (in fact the person who discovered this bug had files deleted on their server and was accused of doing it themselves by their ISP).

DuffMan · 11-21-2004, 03:07 PM

Wow, this is a huge surprise, especially after the dev team said the exploits were fake. Anyone know if this bug affects all versions of phpBB? (I'm running an early 2.0.x on one of my sites.)

Peter · 11-21-2004, 11:09 PM

yes it does,

Redleg · 11-21-2004, 11:54 PM

Quote:

Originally Posted by DuffMan

Wow, this is a huge surprise, especially after the dev team said the exploits were fake. Anyone know if this bug affects all versions of phpBB? (I'm running an early 2.0.x on one of my sites.)

You should upgrade to v2.0.11 ASAP.

Read this thread about it:
http://www.namepros.com/website-development/56586-phpbb-2-0-11-released-critical.html#post369274

peaudecastor · 11-22-2004, 09:03 AM

Thanks a lot.

Mass-mailed my webhosting user and fixed my own.

Cheers,
Matt

DuffMan · 11-24-2004, 02:06 PM

Weird, I just upgraded and when I try to login or go to the admin panel I get sent to microsoft.com. What's up with that?

EDIT: Looks like it sends me to Microsoft.com after I login or logout, and when I try to access the admin panel when not logged in. I've checked my settings and they're fine.

Peter · 11-24-2004, 11:33 PM

are you sure it only happens on your forum, check your pc with an antivirus etc.

I very much doubt the update would cause this unless you did not download it from the official site.

11-19-2004, 03:36 PM	#1 (permalink)
Peter Senior Member Join Date: Nov 2003 Location: Scotland Posts: 4,900 0.60 NP$ (Donate)	phpBB EXPLOIT fix ASAP Think this is the best place for this but anyway a bug was found a while back in phpBB and should be fixed ASAP. The bug itself is to do with the highlighting system all detasils on how to do the fix is located at http://www.phpbb.com/phpBB/viewtopic.php?t=240513 (just 1 file edit) __________________ Manage your portfolio using my new Domain Portfolio Management script. Securing Your Domain Name From Theft

11-19-2004, 07:36 PM	#3 (permalink)
Peter Senior Member Join Date: Nov 2003 Location: Scotland Posts: 4,900 0.60 NP$ (Donate)	please please tell me where you say im being serious you are not being serious hehe But on a serious note this looks like a major bug that can cause someone to execute malicious code on the server which could basically do anything included dropping a database or deleting files on the server (in fact the person who discovered this bug had files deleted on their server and was accused of doing it themselves by their ISP). __________________ Manage your portfolio using my new Domain Portfolio Management script. Securing Your Domain Name From Theft

11-21-2004, 03:07 PM	#4 (permalink)
DuffMan NamePros Regular Join Date: Jul 2003 Location: Maryland, USA Posts: 603 77.00 NP$ (Donate)	Wow, this is a huge surprise, especially after the dev team said the exploits were fake. Anyone know if this bug affects all versions of phpBB? (I'm running an early 2.0.x on one of my sites.) __________________ Eric AKA DuffMan [HG Interactive] [ ShoutPro]

11-21-2004, 11:09 PM	#5 (permalink)
Peter Senior Member Join Date: Nov 2003 Location: Scotland Posts: 4,900 0.60 NP$ (Donate)	yes it does, __________________ Manage your portfolio using my new Domain Portfolio Management script. Securing Your Domain Name From Theft

11-22-2004, 09:03 AM	#7 (permalink)
peaudecastor québécois libre Join Date: Oct 2003 Location: Trois-Rivieres, Québec Posts: 563 353.91 NP$ (Donate)	Thanks a lot. Mass-mailed my webhosting user and fixed my own. Cheers, Matt __________________ French / Quebec domain name portfolio Le Blogue du Québec

11-19-2004, 03:47 PM	#2 (permalink)
Question? Account Suspended Join Date: Nov 2004 Posts: 59 160.00 NP$ (Donate)	i didnt know phpBB worked off ASP i thought it was php some one help!!!! im being seriouse lol

11-24-2004, 02:06 PM	#8 (permalink)
DuffMan NamePros Regular Join Date: Jul 2003 Location: Maryland, USA Posts: 603 77.00 NP$ (Donate)	Weird, I just upgraded and when I try to login or go to the admin panel I get sent to microsoft.com. What's up with that? EDIT: Looks like it sends me to Microsoft.com after I login or logout, and when I try to access the admin panel when not logged in. I've checked my settings and they're fine. __________________ Eric AKA DuffMan [HG Interactive] [ ShoutPro] Last edited by DuffMan; 11-24-2004 at 02:10 PM.

11-24-2004, 11:33 PM	#9 (permalink)
Peter Senior Member Join Date: Nov 2003 Location: Scotland Posts: 4,900 0.60 NP$ (Donate)	are you sure it only happens on your forum, check your pc with an antivirus etc. I very much doubt the update would cause this unless you did not download it from the official site. __________________ Manage your portfolio using my new Domain Portfolio Management script. Securing Your Domain Name From Theft

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)