Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

SQL injection bug in phpBB 2.08
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
ballymuntrev
Hangin' Around



Joined: Mar 22, 2004
Posts: 49
PostPosted: Fri Mar 26, 2004 1:41 pm Reply with quote
ffs, another one ! I reckon the phpBB codeing group should employ chatserv and Raven to look over their code and improve *before* they ever release it.

Any idea's guys on how to fix it ?

Only registered users can see links on this board! Get registered or login!

That link is the direct link to the exploit.
 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088
PostPosted: Fri Mar 26, 2004 1:54 pm Reply with quote
You know, this is pathetic. I'm sorry to be so harsh, but it is. Actually they should pass their code by the guy who wrote the exploit Evil or Very Mad
 
View user's profile Send private message
ballymuntrev
PostPosted: Fri Mar 26, 2004 2:11 pm Reply with quote
Here is the problem code of privmsg.php

EDIT: I'll just remove the code here that I entered, in case it confuses things Smile


Last edited by ballymuntrev on Fri Mar 26, 2004 2:25 pm; edited 1 time in total 
Raven
PostPosted: Fri Mar 26, 2004 2:14 pm Reply with quote
I've read the exploit and ultimately it's still the UNION exploit, if I read it correctly. The code isn't quoted properly.
 
chatserv
Member Emeritus



Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico
PostPosted: Fri Mar 26, 2004 2:39 pm Reply with quote
The hack alert script and similar protection lines block this attack, i assume one is to remove the . in $pm_sql_user .= " but i'll wait for phpBB group's reaction.

sigh
 
View user's profile Send private message Visit poster's website
Tank863
New Member
New Member



Joined: May 29, 2003
Posts: 16
PostPosted: Fri Mar 26, 2004 10:10 pm Reply with quote
I have tried this on my site...

Raven's Hack Alert stopped it and sent me an email.
Protector Stopped it and recorded it.
Admin Secure sent me an email and stopped it.

Good deal..

Tank863
 
View user's profile Send private message
Johan1982
New Member
New Member



Joined: Oct 23, 2003
Posts: 24
PostPosted: Fri Mar 26, 2004 11:26 pm Reply with quote
See this http://www.nettwerked.co.uk/code/privmsg-sqlinj.patch
 
View user's profile Send private message
Johan1982
PostPosted: Fri Mar 26, 2004 11:58 pm Reply with quote
This I do not understand, privmsg.php comes as it says the patch Rolling Eyes Rolling Eyes
 
Johan1982
PostPosted: Sun Mar 28, 2004 8:43 pm Reply with quote
chatserv wrote:
The hack alert script and similar protection lines block this attack, i assume one is to remove the . in $pm_sql_user .= " but i'll wait for phpBB group's reaction.

sigh


Correct, check http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=185180

Remove the . .
 
chatserv
PostPosted: Sun Mar 28, 2004 11:43 pm Reply with quote
The current zip and the PHP-Nuke Patched version have it already removed, i took it off the day i posted that comment and since nothing seemed to break i went ahead and edited the file.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©