
Warning, if you have a PHPBB Forum, UPDATE NOW OR BE HACKED.

hevnsnt

Lifer
I am sick of seeing these phpbb sites get hacked..

If you are running ANYTHING lower than 2.0.11, you need to update NOW.
http://www.phpbb.com/phpBB/vie....php?f=14&t=240636

An exploit was released last week that makes it SIMPLE for any scriptkiddie to crack your site.

Please update now.

Want an example:
espnvideogames.com (PhpBB 2.0.6)

So you say: Oh, but hevnsnt, no one knows about my site.. There is no reason to patch it.

1. Wrong. Using a crafty Google search, they can find your site. 3,830,000 Potential Targets
2. It is people that think like this that allow these scumbags to host their hacking tools on their site without them knowing it. Then they will use those tools to hack into other sites.
 
Rossman & n0cmonkey are taking notes on all of your phpbb forums and will begin "r00tin" tonight. You have been warned.

😛
 
Thanks for the heads up, all my forums are up to date.


LOL What I find more amusing is the fact that on shok3's website he himself is in fact running php 2.0.10 :laugh:

Someone really needs to own him.. haha

--Mark
 
Thanks for the warning. Upgraded...although, it would have only made about 8 people mad if there was a problem. 🙂
 
Originally posted by: SaturnX
Thanks for the heads up, all my forums are up to date.


LOL What I find more amusing is the fact that on shok3's website he himself is in fact running php 2.0.10 :laugh:

Someone really needs to own him.. haha

--Mark
And his site runs PHP-Nuke, that's just begging to be hacked.😛
 
Those bastards at MerchantAccounts (spammer forum from a few days back) upgraded to vBulletin 3.0.3 unfortunately.

*patiently waits for an exploit* 😀

- M4H
 
Originally posted by: ViRGE
Originally posted by: SaturnX
Thanks for the heads up, all my forums are up to date.


LOL What I find more amusing is the fact that on shok3's website he himself is in fact running php 2.0.10 :laugh:

Someone really needs to own him.. haha

--Mark
And his site runs PHP-Nuke, that's just begging to be hacked.😛


Problem is he is running a PHP-Nuke protect script, so if you even poke at his site, you will be banned by IP.. (which you can of course get around with proxies...) I did some prodding on his site, he is running phpnuke 7.5 & I have absolute paths on webserver if needed.. 🙂
 
heh. phpbb sucks. its templating system is the best and easiest to use by far, but other than that, it's crap. it uses more queries in forums, often loading VERY slow when the forum starts to get large, and it lacks so many administrative options it's not even funny. anyone who's using it should be switching to SMF...the best free forum software by far.
 
Originally posted by: SofaKing
heh. phpbb sucks. its templating system is the best and easiest to use by far, but other than that, it's crap. it uses more queries in forums, often loading VERY slow when the forum starts to get large, and it lacks so many administrative options it's not even funny. anyone who's using it should be switching to SMF...the best free forum software by far.

I wish IPB 2.0 was still free 🙁
 
Originally posted by: SofaKing
heh. phpbb sucks. its templating system is the best and easiest to use by far, but other than that, it's crap. it uses more queries in forums, often loading VERY slow when the forum starts to get large, and it lacks so many administrative options it's not even funny. anyone who's using it should be switching to SMF...the best free forum software by far.



It's still better than Fuse Talk.
 
Originally posted by: Wallydraigle
Originally posted by: SofaKing
heh. phpbb sucks. its templating system is the best and easiest to use by far, but other than that, it's crap. it uses more queries in forums, often loading VERY slow when the forum starts to get large, and it lacks so many administrative options it's not even funny. anyone who's using it should be switching to SMF...the best free forum software by far.



It's still better than Fuse Talk.

word.... i like the smileys and all the other crap better
 
Um also, you might want to get your information correct.

The vulnerability is in PHP versions <= 4.3.9, not phpBB, however the exploit proof of concept was written for phpBB. The update you posted has nothing about this.

* Fixed unsetting global vars - Matt Kavanagh
* Fixed XSS vulnerability in username handling - AnthraX101
* Fixed not confirmed sql injection in username handling - warmth
* Added check for empty topic id in topic_review function
* Added visual confirmation mod to code base

all of that is useless and does nothing to fix this as far as I know, unless they're not publishing other information.

The PHP exploit involves:

Insufficient input validation of serialized strings lead to memory corruption and information disclosure.
http://securityfocus.com/archi...004-12-14/2004-12-20/0

The PHP vulnerability uses this to its advantage, and the proof of concept code can be found here:
http://www.packetstormsecurity...ts/phpbbmemorydump.cpp
 
Originally posted by: hevnsnt
Check the date of the OP..

Ah, interesting, but my point still remains that it's not phpBB that's the problem. (although that depends on how you look at it 😀)
 