Old 30th November 2004, 12:13   #1
419G
Member
 
Join Date: Nov 2004
Location: California
Posts: 56
phpBB 2.0.10 Viewtopic exploit fix!

Just a day ago I was informed via SecurityFocus.com that a new exploit was out for phpBB. I figured I'd do my part to inform the masses that their phpBB forums are at risk. This exploit was tested out on my very own forum.

It works.

Very well.

Quote:
Following my original post it has been brought to our attention that the highlighting exploit can be taken advantage of, and in a serious way. We are hastily preparing a new release. However, that release contains a number of other fixes and additions and thus we are carrying out some internal testing to limit the chances of other issues arising.

In the meantime we strongly, and I mean strongly! urge all our users to make the following change to viewtopic.php as a matter of urgency.

Open viewtopic.php in any text editor. Find the following section of code:
Code:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
    // Split words and phrases
    $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));

    for($i = 0; $i < sizeof($words); $i++)
    {

and replace with:
Code:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
    // Split words and phrases
    $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));

    for($i = 0; $i < sizeof($words); $i++)
    {

Please inform as many people as possible about this issue. If you're a hosting provider please inform your customers if possible. Else we advise you implement some level of additional security if you run ensim or have PHP running cgi under suexec, etc.
source: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513

-419G
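Added example, not part of the post or of phpBB's own code: the "before" and "after" of the advisory's one-line change wrapped as two functions and fed the value PHP itself places in $HTTP_GET_VARS, which has already been URL-decoded once. It shows what the patch removes: a second decode, which expands any percent sequence that survived the first one, so the same request yields different words depending on which version runs.

```php
<?php
// Added example, not from the phpBB post. Models the "before" and "after"
// of the advisory's change to viewtopic.php as two functions. Assumption:
// $highlight is what PHP puts in $HTTP_GET_VARS['highlight'], i.e. the
// query-string value after PHP's own single URL-decode.

// phpBB 2.0.10 as shipped: urldecode() runs on already-decoded input.
function split_highlight_old($highlight)
{
    return explode(' ', trim(htmlspecialchars(urldecode($highlight))));
}

// The advisory's replacement: no second decode, just escape and split.
function split_highlight_fixed($highlight)
{
    return explode(' ', trim(htmlspecialchars($highlight)));
}

// True when a string still carries a %XX sequence, i.e. decoding it
// again would change it. A cheap check to run on values you believe
// have been decoded exactly once at the input boundary.
function has_percent_sequence($s)
{
    return preg_match('/%[0-9A-Fa-f]{2}/', $s) === 1;
}

// Constructed input: a browser sent ?highlight=foo%2520bar. PHP decoded
// %25 to "%" once, so the script receives "foo%20bar", a single word.
$received = 'foo%20bar';

foreach (array('old' => split_highlight_old($received),
               'fixed' => split_highlight_fixed($received)) as $label => $words) {
    printf("%-5s words=%d", $label, count($words));
    foreach ($words as $w) {
        // The old version splits the one word in two because the leftover
        // %20 is decoded a second time into a space; the fixed version
        // keeps it as the literal text the first decode produced.
        printf(" [%s]%s", $w, has_percent_sequence($w) ? ' (still encoded)' : '');
    }
    echo "\n";
}
```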
Old 30th November 2004, 15:29   #2
mysterious_w
Forum King
Join Date: Dec 2003
Location: Good ol' Britain
Posts: 2,750
This forum isn't phpBB, it's a vBulletin board (right?).
Old 30th November 2004, 20:11   #3
419G
This is vBulletin, yes.

I posted this for users who have their own forum ran by phpBB.

-419G