Phpbb Exploit

[Solar 0]

Recently, an exploit has been found out that allows people to use their cookies to gain access to the ACP. And Firefox assists with it !Basically what happens that is when you visitthe phpBB forum, it logs a cookie containing your Session ID (Basically who and when you are). What it does, after much decoding and encoding, is allows you to replace your SID with the admin's, thus enabling them to gain access. To fix this, upgrade to the latest version of phpBB, 2.0.13.Dun dun dunnnnn! Beware

[Mike 0]

Ah, that's the exploit my friend was telling me about? He was breaking into admin accounts on phpBB and I'm like, dude, wtf? And he was like, I'm a 1337 hax. >_> But I knew he was lying and that there was some kinda of exploit behind it. ~_~ That fake hacker.

[Solar 0]

Exactly.I've been going arond and warning people, just because I'm so nice *cough cough*

[GM-University 0]

This was already posted...

[Solar 0]

Oh...:)Link please?

[bureX 0]

Hmm... Maybe here:
http://forums.xisto.com/topic/8253-phpbb-hackers-lol/

[OwrLam 0]

PHPbb one of the most famous forums, thats whi he is under attack =)

[rectab 0]

Exactly.This was already posted...

[Solar 0]

Bumping up a completely old topic just to spam? Wow... I'm reading through all of your posts and I can see why your hosting got denied. Maybe if you actually spent some time using what little bit of intelligence you may have left, you could muster up some quality posts.

[psychiccyberfreak 0]

Do you know where you can get the update for PHPnuke? I dont know how to upgrade otherwize.

[crystal 0]

Thank you very much!!pass by!

[Trekkie101 0]

I would recomend moving from phpBB, in my opinion its seen its glory days and they have gone. (This is MY opinion not a host decision) They are a huge target now with the code being insecure, I present to you SMF, Simple Machines Forum from the makers of YaBBSE, Yabbse wasnt anything to sing about but now SMF is, its in RAPID development, I mean, theres the current release 1.0.3 and 1.1 is already stable, although we wont be seeing 1.1 for months its gonna be as easy as the rest of the SMF updates (Clocked 5 seconds!). SMF has a package manager that automatically installs mods you want so you dont need to touch the code. It has over 85 themes already. Its been rated by several people to be better than paid software, also it is free and can handle any load. If your wondering why are we using IPB, then just wait, the Trekkie is working :)Check it out http://www.simplemachines.org/ My install (on Xisto) http://forums.xisto.com/no_longer_exists/ Enjoy!

[guangdian 0]

ASP & php Open Source Oh god such lots of Exploit I just wanna not using this scripts I just will creat my HTML based pages by my hand~aha.

[GuySpook 0]

Sounds bad i also heard there was a exploit on phpbb that would allow u to get in to ACP and the phpbb website via AWStats if anyone has info on these pls let me know:DGuySpook

[Trekkie101 0]

yeah, pretty much public knowledge anyway.Theres a phpBB bug that can let you in ACPtheres a a bug in awstats that was used against the phpBB site not forums killed the server.