Bugtraq mailing list archives

Re: Privilege Escalation Vulnerability In phpBB 2.0.0


From: x x <hellokitty998877 () yahoo com>
Date: Mon, 28 Oct 2002 11:34:02 -0800 (PST)

Hi,

Note: phpBB versions above 2.0.0 are not vulnerable.

Note that there are a lot of modified/hacked versions
of phpbb floating around the Net, such as the 
phpbbtonuke port for phpnuke.  The phpbb port for
phpnuke55 and 56 uses phpbb2.0, and there is no patch
or available port upgrade.

As a workaround solution, you can restrict access to
the admin directory by using Apache htaccess basic 
auth (see mod_access, mod_auth, htpasswd). Might want 
to do this anyway even if you do upgrade to a more
recent phpbb package (layered security is a good 
thing).

Regards,
kw

P.S.  Don't bother replying to the disposable
hellokitty998877 email account.  Send replies to
ken . williams at ey . com
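
The workaround described in the message above, sketched as an added example that is not part of the original post or of phpBB. The file system paths, the user name and the address range are hypothetical placeholders, and the directive names are those of the Apache 1.3/2.0 modules the post names (mod_auth, mod_access).

```apache
# .htaccess placed in the phpBB admin directory
# (hypothetical location: /var/www/html/phpBB2/admin/.htaccess).
#
# Prerequisite in httpd.conf, otherwise this file is silently ignored:
#   <Directory "/var/www/html/phpBB2/admin">
#       AllowOverride AuthConfig Limit
#   </Directory>
#
# Create the password file outside the document root so it can never be
# fetched over HTTP (hypothetical path, placeholder user name). The -c
# flag creates the file, so leave it off when adding further users:
#   htpasswd -c /usr/local/apache/passwd/phpbb-admin forumadmin

# mod_auth: HTTP Basic authentication in front of phpBB's own admin login,
# so a flaw in the application's privilege check is not reachable without
# first passing the web server's check.
AuthType Basic
AuthName "phpBB administration"
AuthUserFile /usr/local/apache/passwd/phpbb-admin
Require valid-user

# mod_access: optional network restriction. 192.0.2.0/24 is a constructed
# documentation range; replace it with the administrators' own network.
Order deny,allow
Deny from all
Allow from 192.0.2.0/24

# Require both the address match and a valid login, not either one.
Satisfy all
```

Basic authentication sends the password base64-encoded, not encrypted, so this layer is strongest when the admin directory is served only over SSL.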
