Dark_Matter
Posted March 12, 2006

Figured I'd post this so if any of you know someone using phpBB you can warn them.

Program: phpBB
Homepage: http://www.phpbb.com
Vulnerable Versions: All phpBB versions
Risk: High Risk!!
Impact: Multiple DoS Vulnerabilities.

-==phpBB Multiple DoS Vulnerabilities ==-

---------------------------------------------------------
- Description
---------------------------------------------------------
phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin board package. phpBB has a user-friendly interface, simple and straightforward administration panel, and helpful FAQ. Based on the powerful PHP server language and your choice of MySQL, MS-SQL, PostgreSQL or Access/ODBC database servers, phpBB is the ideal free community solution for all web sites.

- Tested
---------------------------------------------------------
many forums

- Exploitation
---------------------------------------------------------
profile.php << By registering as many users as you can. The registration has to have the security code image deactivated.

search.php << by searching in a way that the db couldn't observe it.

This vulnerability was discovered in version 2.0.15 but it works in all versions if the security image code is not activated.

The exploits used were published some months ago, you can check it out in www.neosecurityteam.net
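For forum administrators, one way to spot the two request patterns the advisory names (bulk registrations through profile.php and repeated searches through search.php) in a web server access log. This is an added example, not part of the original post or of phpBB; the Apache combined-log layout, the /forum/ paths, the query strings, and the threshold of 5 requests per 60 seconds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _line(ip, sec, method, path):
    # Builds one constructed access-log line (Apache combined-log style).
    return f'{ip} - - [12/Mar/2006:10:00:{sec:02d} +0000] "{method} {path} HTTP/1.1" 200 512'

# Constructed sample: one client registering repeatedly, one searching
# repeatedly, and one ordinary visitor.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, "POST", "/forum/profile.php?mode=register")
     for s in range(0, 40, 4)]
    + [_line("198.51.100.9", s, "GET", "/forum/search.php?search_keywords=help")
       for s in range(0, 16, 2)]
    + [_line("192.0.2.10", 5, "GET", "/forum/profile.php?mode=viewprofile&u=2"),
       _line("192.0.2.10", 30, "GET", "/forum/search.php?search_keywords=install")]
)

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')
WATCHED = {"profile.php", "search.php"}  # the two scripts named in the advisory

def find_floods(log_text, limit=5, window=timedelta(seconds=60)):
    """Return sorted (ip, script) pairs with more than `limit` hits inside `window`."""
    recent = defaultdict(deque)   # (ip, script) -> timestamps still inside the window
    flagged = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        script = m["path"].split("?", 1)[0].rsplit("/", 1)[-1]
        if script not in WATCHED:
            continue
        # Registrations are form submissions; plain profile views (GET) are ignored.
        if script == "profile.php" and m["method"] != "POST":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[(m["ip"], script)]
        hits.append(ts)
        while ts - hits[0] > window:   # drop hits that fell out of the window
            hits.popleft()
        if len(hits) > limit:
            flagged.add((m["ip"], script))
    return sorted(flagged)

if __name__ == "__main__":
    for ip, script in find_floods(SAMPLE_LOG):
        print(f"{ip} exceeded the request limit on {script}")
```

Clients flagged this way are candidates for rate limiting at the web server; re-enabling the security code image on registration is the condition the advisory itself ties the issue to.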
php
Posted March 12, 2006

If anyone's running phpBB I would recommend they switch to SMF anyway...