bureX
Apr 17 2005, 11:35 PM
Recently, a few exploits were made for phpBB 2.0.13 (like this one): http://lists.virus.org/bugtraq-0503/msg00109.html
And some bugs were noticed as well (like this one): http://www.addict3d.org/index.php?page=vie...ecurity&ID=3563
And so, the phpBB team has released a new version of phpBB - 2.0.14. Here is the e-mail that I have received from their mailing list:
QUOTE(phpBB list)
Hi everyone,
phpBB Group announces the release of phpBB 2.0.14, the "We know we are (not) furry" edition. This release addresses some bugfixes as well as fixing some minor non-critical security issues. All issues not reported to us before being released are not credited to the founder, as usual.
As with all new releases we urge you to update as soon as possible. You can of course find this download available on our downloads page (http://www.phpbb.com/downloads.php). As per usual three packages are available to simplify your update.
The Full Package contains entire phpBB2 source and English language package. The Changed Files Only contains only those files changed from previous versions of phpBB. Please note this archive contains changed files for each previous release. Patch Files contains patch compatible patches from the previous versions of phpBB. Select whichever package is most suitable for you.
The changelog (contained within this release) is as follows:
- Hardened author and keyword search a bit to not allow very server intensive searches
- Fixed full path disclosure in bad word parsing
- Resetting complete userdata array in session code if authentication fails
- Fixed bug in moderator control panel where certain parameters could lead to an "error creating new session" sql error
- Fixed bug in session code where empty page ids could lead to an "error creating new session" sql error
- Fixed html handling in signatures if html is turned off globally
- Fixed install.php problem with PHP5 register_long_arrays option turned off
- Fixed potential issues with styling system
- Added correct class to login_body template file
- Removed file db/oracle.php from package.
- Removed version number from message body page in /admin (if user is not an admin) - mikelbeck
- Fixed case-sensitivity issues in postgres7.php - R45
As always, our Code Changes Tutorial will be soon available too for those with heavily modded boards.
I have installed it, and it is working properly.
soulsanctuary
Apr 18 2005, 05:12 PM
So how can I update my forum?? Because it's pre-installed in the Trap17 disk space.. Anyone?? Can anyone help..??
bureX
Apr 18 2005, 09:05 PM
It's very simple!
1) Download the changed files from the phpBB website... ( http://www.phpbb.com/downloads.php )
2) You will find a bunch of folders in the ZIP file that you have downloaded. The folder names will be like "X.X.XX_to_2.0.14", where X.X.XX is your current phpBB forum version (2.0.13 for example)...
3) Extract that folder and simply copy its contents into your Trap17 forum folder (usually it is located in: "/publicHTML/forum"), confirm the replacing of the files when you are prompted to do so!
4) You will find 4 more folders in the ZIP file that you have downloaded ("install", "contrib", "docs" and "cache")... Copy them also into your forum folder, and replace any files if asked.
5) Open your browser (don't close your FTP client yet, you will need it) and open your forum URL with "/install/update_to_latest.php" added on the end, kind of like this: "your_host_name.trap17.com/forum/install/update_to_latest.php"
6) When phpBB notifies you that you have successfully completed the update process, delete the "install" and "contrib" directories from your forum folder! (If you don't, phpBB will notify you that this is necessary when you log on to your forum).
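The update steps in the post above, sketched as an added shell example (not part of the original post and not phpBB's own tooling). It assumes shell access to the forum directory, or a local copy of it, instead of FTP; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: helpers for the "changed files" update described above.

# Step 2: print the changed-files folder for the installed version,
# e.g. "<extracted>/2.0.13_to_2.0.14". Fails if the archive has none.
pick_update_dir() {
    extracted=$1; current=$2; target=$3
    dir="$extracted/${current}_to_${target}"
    if [ -d "$dir" ]; then
        printf '%s\n' "$dir"
    else
        echo "no update folder for $current -> $target in $extracted" >&2
        return 1
    fi
}

# Steps 3-4: copy the changed files, then the four extra folders,
# over the forum directory, replacing existing files.
stage_update() {
    extracted=$1; current=$2; target=$3; forum=$4
    src=$(pick_update_dir "$extracted" "$current" "$target") || return 1
    cp -R "$src"/. "$forum"/ || return 1
    for d in install contrib docs cache; do
        if [ -d "$extracted/$d" ]; then
            mkdir -p "$forum/$d" || return 1
            cp -R "$extracted/$d"/. "$forum/$d"/ || return 1
        fi
    done
}

# Step 6 check, to run after install/update_to_latest.php has been
# opened in the browser (step 5): returns non-zero and names the
# directories if "install" or "contrib" are still in the forum folder.
check_leftovers() {
    forum=$1; left=""
    for d in install contrib; do
        if [ -d "$forum/$d" ]; then
            left="$left $d"
        fi
    done
    if [ -n "$left" ]; then
        echo "still present in $forum:$left" >&2
        return 1
    fi
    return 0
}
```

Running `check_leftovers` from a scheduled job catches the case where the update was staged but step 6 was never carried out.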
HoRuS
Apr 19 2005, 09:58 AM
It's weird... when I installed the new version, it redirects me every time to the install.php even when I deleted the install and contrib folder... What's that all about some ftp-ing the config.php?
bureX
Apr 19 2005, 07:50 PM
Hmmm... That's very strange! You should try doing the update again! phpBB has NEVER redirected me back to the install.php file. But, how can it redirect you to the install.php file when you deleted the "install" folder (or, is it redirecting you, but you receive a 404 - file not found error)?
Luigi
Apr 19 2005, 09:33 PM
That's strange. I recently updated my site from 2.0.13 to 2.0.14 without any probs. I think the best advice is to just re-do it like bureX said.
PHPtech
Apr 20 2005, 10:17 PM
Yeah, I heard about those 5 days after 2.0.13 came out; I am always too lazy to notify phpBB group. If anyone feels like alerting them for faster exploit fixes, Google search "phpBB current version here exploit" after every release. Every exploit since 2.0.11 I have found with Google several weeks before the fix...
HoRuS
Apr 21 2005, 07:20 PM
Same here, too lazy to message them about it. They should have waited and tested it some more before releasing so many new versions this soon. Bad advertisement for users. I'd rather wait now till phpBB 2.0.250 comes out.
diamond_php
Apr 22 2005, 12:44 AM
I am working on a forum software, and I want to make it as bug free as I can. I think that having clean, precise, and effective code is very attractive, possibly even more so than having great features is. Don't you think so? And really think about it: secure, fast, and easy to understand versus great features, easy to hack, and hard to understand...