Security Vulnerabilities in phpBB

[Guest]

This forum (phpBB 2.0.11) is vulnerable to multiple security holes which could easily be used to gain administrator access. It is very import that Forum updates to the latest version of phpBB or risk the privacy of all users. I would create an account to tell you this but I would be in danger of getting my password stolen.

[[SGC_ReplicÅtors]]

what type of security holes?

[Guest]

Advisory:
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563
Exploit:
http://packetstormsecurity.org/0503-exp ... autolog.pl

[Forum]

at least there are less holes than windows, or IE, or MSN
either way, will update soon...

[Guest]

Thanks, long live open source.

[myFriend]

This forum (phpBB 2.0.11) is vulnerable to multiple security holes which could easily be used to gain administrator access. It is very import that Forum updates to the latest version of phpBB or risk the privacy of all users. I would create an account to tell you this but I would be in danger of getting my password stolen.

ever herd of keeping suff like this quiet. if there is something this big you don't go and stick it for every one to know. its like shouting the bank safe is made of ducktape. PLZ use the PRIVATE MESSAGE system so you don't encerage people to try to hack!

[Xavier]

I agree. I would prefer only you know than the entire community.

This is a huge neon sign, saying, "Everyone please hack".



Hopefully this thread is removed and no one speak of this again until it's updated.

[forgive_me]

and wats the big thinh....its THE FORUM.....good thing that its not the game.....so who cares if u can hach the forum....u get wath...access to posts u already see......BIG THING

[Xavier]

I use my forum password elsewhere. Such as the SGW chatroom. Such as lots of different forums.

I'm sure there would also be people whose password for SGW is the same as their password for the forum. Access to these passwords would not be good.

[forgive_me]

I use my forum password elsewhere. Such as the SGW chatroom. Such as lots of different forums.

I'm sure there would also be people whose password for SGW is the same as their password for the forum. Access to these passwords would not be good.

unless u find a way to decode the md5 WITH CHEY....than u are a genious and wont need to find a persons password to get in someones acount....

passwords are incripted with MD5(google for info) that hase a extra protection by ading a chey(in hexazecimal value).....so it will take u aprosimatly 275 days with a intel pentiun 4 at 3200Hz to decode one password....want to try?

[Xavier]

I don't know the technicalities behind it, I was just following what Guest wrote for the first post.

[forgive_me]

I don't know the technicalities behind it, I was just following what Guest wrote for the first post.

trust me on this....dont belive everything a guest wrotes.....

[Xavier]

Ok, after our discussion in the chat room, I think I will trust you. Just a false alarm? Maybe.

[WhiteyDude]

Apart from the typos forgive_me, you are absolutly right.

They can't really find a way to decrypt the MD5's unless they have a lot of time on their hands.

Also, please stop calling these hackers - they are crackers, not hackers.


I consider myself a hacker, as hacking is a persuit of knowlage.

Please click here to learn the difference.

Thanks guys.



/Whitey

[Xavier]

Apart from the typos forgive_me, you are absolutly right.

Be nice!!! I see typos in your messages too!

Also, please stop calling these hackers - they are crackers, not hackers.

I consider myself a hacker, as hacking is a persuit of knowlage.

Please click here to learn the difference.

...

In that case you have pursued knowledge a lot.