jamal Posted May 1, 2005
A new exploit is already out for phpBB 2.0.13. I've asked the phpBB development team about it, and they say it will be fixed in version 2.0.14. It's a way to make yourself admin through exploitation of cookie data. Here's the fix anyway: Add
$userdata['user_level'] = USER;
after every
$userdata['user_id'] = ANONYMOUS;
in session.php

OpaQue Posted May 1, 2005
Thanks for sharing this information with us. This will definitely help most of the people using phpBB.

gunbound Posted May 1, 2005
You mean sessions.php, right? It's located in the includes folder. I found just two instances of
$user_id = $userdata['user_id'] = ANONYMOUS;
Is that all? I don't know PHP very well, so could you confirm that this is all right? Thanks.

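Added example, not part of the thread and not phpBB code: a small Python check for the fix described in the first post. It lists every assignment of ANONYMOUS to $userdata['user_id'], including the chained form quoted just above, and reports whether the user_level reset follows it. The sample PHP and its variable names are constructed, and the check assumes the reset is the very next statement.

```python
import re
import sys

# Any statement ending in $userdata['user_id'] = ANONYMOUS; this also covers
# the chained form $user_id = $userdata['user_id'] = ANONYMOUS;
ANON = re.compile(r"\$userdata\[\s*['\"]user_id['\"]\s*\]\s*=\s*ANONYMOUS\s*;")
FIX = re.compile(r"\$userdata\[\s*['\"]user_level['\"]\s*\]\s*=\s*USER\s*;")
COMMENT = re.compile(r"//[^\n]*|#[^\n]*|/\*.*?\*/", re.S)

# Constructed sample for illustration; not phpBB source, names are hypothetical.
SAMPLE = """<?php
// constructed sample
if ( !$valid_session )
{
    $user_id = $userdata['user_id'] = ANONYMOUS;
    $userdata['user_level'] = USER; // fix applied
}
if ( $login_failed )
{
    $userdata['user_id'] = ANONYMOUS;
    $userdata['session_logged_in'] = 0;
}
"""


def audit(source):
    """Return (patched, unpatched): 1-based line numbers of each ANONYMOUS
    assignment, split by whether the user_level reset is the next statement."""
    patched, unpatched = [], []
    for m in ANON.finditer(source):
        line_no = source.count("\n", 0, m.start()) + 1
        # Assumption: the fix directly follows; skip only whitespace/comments.
        rest = COMMENT.sub("", source[m.end():]).lstrip()
        (patched if FIX.match(rest) else unpatched).append(line_no)
    return patched, unpatched


if __name__ == "__main__":
    # Usage: python check_fix.py path/to/file.php (no argument: run on SAMPLE)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="latin-1") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    ok, missing = audit(text)
    print("patched at lines:", ok)
    print("MISSING fix after lines:", missing)
    sys.exit(1 if missing else 0)
```
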
mbd5882 Posted May 1, 2005
I believe it is. You should take up a course in PHP or ASP. It's really cool, or you could go onto Win server 2005 or 4, whichever one's out now. Anyway, as usual my sig - Thanks, FFC Webmaster, Asad Haider.

Odyssey Posted May 1, 2005
Thanks for telling us about this flaw. I upgraded as soon as I found this out! To everyone else - make sure that you upgrade your version of phpBB as soon as possible; it is a good habit to always upgrade.

eX_Raven_ Posted May 6, 2005
Yes, I strongly advise everyone on phpBB to upgrade to 2.0.14 ASAP. My clan was on phpBB 2.0.13 and some people who disliked us did the same thing and deleted our forums several times.

mobious Posted May 9, 2005
Why not just upgrade to 2.0.15? It's already released.