Security Basics mailing list archives

Re: About phpbb vulnerability

From: "Gabriel Orozco" <gabriel_orozco () mx sumida com>
Date: Wed, 28 Jan 2004 16:59:36 -0600

Marc

in fact, if you are subscribed to the security-focus vulnearbilities
announces, you should by now had notice about the vulnerability found in
several packwages which use php.

upgrade ASAP


With Regards
Gabriel Orozco
Sysadmin

----- Original Message -----
From: "Marc Soler" <msoler () el-valles com>
To: <security-basics () securityfocus com>
Sent: Wednesday, January 28, 2004 12:38 PM
Subject: About phpbb vulnerability

Hi all,

Someone knows that it has been noticed some bug in phpbb that
allows bad boys to upload file to the server when phpbb is installed?
(Phpbb is a extended PHP-based board bulletin.)

We have hack problems in our server and we suspect that is from php

scripts

uploaded using some phpbb hole.

I have googled about some known phpbb holes, but I haven't found
anything about upload files vulnerability.

Someone have information related?

Thanks in advance.

PS: Sorry about my no-native english

--
Marc Soler



--------------------------------------------------------------------------

Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion

Prevention,

and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
--------------------------------------------------------------------------

--



---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------

Current thread:

About phpbb vulnerability Marc Soler (Jan 28)
- Re: About phpbb vulnerability Gabriel Orozco (Jan 29)
- <Possible follow-ups>
- re: About phpbb vulnerability Anders Blockmar (Jan 29)