Home > Code > phpBB Exploit – howdark Exploit

phpBB Exploit – howdark Exploit

December 11th, 2004 Tony Leave a comment Go to comments

There is a serious exploit in phpBB that requires immediate patch.

Patch

If you maintain a site running phpBB forums load this patch immediately. Apparently the exploit allows the hacker to gain root access to mySql. Many sites have been hacked including phpBB’s own support forum. Ouch.

I haven’t been able to find much info on how the exploit works. The code change in this patch seems trivial and I still don’t understand how it fixes the problem with the forums. If anyone has more insight I would love to hear.

Supposedly this is only a temporary patch and we need to stay tuned for a permanant fix.

Full discussion on the security flaw including input from ‘jessbunny’, the user that reported the problem and then proceded to use the exploit against phpBB.com

Categories: Code Tags:
  1. MilkaDE
    October 29th, 2006 at 05:12 | #1
    Reply | Quote

    Hey all
    Does anybody know how to switch off the data execution prevention feature in Windows XP?

  2. Clauser
    January 23rd, 2007 at 13:24 | #2
    Reply | Quote

    Hello! I want to know, where you have a section for advertising at a forum? Or it is not present? I have not found it.
    P.S. Are you see storm in Europe? It’s a horror…

  3. spafighting
    March 23rd, 2007 at 02:32 | #3
    Reply | Quote

    It’s become a big problem for forum owners to protect them from spam.
    Automated programs are sending their ads in huge quantities today.

    We’re small community of coders, upgrading forum’s source code to prevent spam-programs to post ads at your forums.

    Our technique is probably one of the best. There’s no need in such ugly methods as ‘capcha’ or ’secret question’.
    For average user there would not be any visible effects. No need to make e-mail activation (that usually makes number of successful registrations less), no even need to make your users register at forums to post messages.

    More info only at icq: 448759872
    Send messages even if not logged in.

  4. nemoforone
    March 30th, 2007 at 07:42 | #4
    Reply | Quote

    What about the possibility of pulling out of Iraq, letting Iran invade and lose resources fighting their own kind,
    and then come in and mop up the dregs?

  5. Hillari
    April 10th, 2007 at 00:11 | #5
    Reply | Quote

    You guys do a wonderful job! Keep up the good work!!!t

  6. KenMarshall
    April 13th, 2007 at 20:26 | #6
    Reply | Quote

    Thanks for helping

  7. cownIgnongire777
    December 2nd, 2007 at 15:19 | #7
    Reply | Quote

    Hello friends!
    Could anybody help me find cracked NOD32 antivirus software?
    I understand that it sounds not very good, but I need it.
    I look forward to your help. My ICQ: four-5-2-7-five-two-9-five-7.
    If I left a message in the wrong section, please del it,
    but I still do not know where to turn for help…

  8. admin_papa
    August 29th, 2008 at 10:00 | #8
    Reply | Quote

    Hi Folks!

    Just wanted to share my new experience.

    If your Windows XP fails to start due to an error related to missing HAL.DLL, invalid Boot.ini or any other important system boot files you can fix this by using the XP installation CD. Just boot from your XP Setup CD and enter the Recovery Console. Then launch “attrib -H -R -S” on the C:\Boot.ini file and delete it. Launch “Bootcfg /Rebuild” and then Fixboot

    Regards,
    Carl