[pmwiki-users] OFF TOPIC: warning to PHPBB2 admins
Neil Herber
nospam at eton.ca
Wed Mar 16 17:43:52 CST 2005
I know that a few people who post here also run PHPBB2 bulletin boards.

One of mine was hacked with an SQL code injection attack. I am not sure
what the results of this hack are, but in one report, the author claims it
can be used to add an SQL user with administrative rights:

http://www.waraxe.us/ftopict-426.html

If anyone has further info on this exploit, I would like to hear it via
private mail or by adding your comments to my wiki page here:

http://neil.eton.ca/wiki/index.php/Guest/PHPBB2CodeInjection

Unfortunately, in the rush to mitigate the damage I ended up having my
server IP switched, so DNSes may be behind. (It's a long story you don't
want to hear, believe me!)

Apparently it is only version 2.0.11 or lower that is vulnerable, but when
I went to PHPBB2 to get an update, I found their site database was throwing
errors!!

Neil
Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668