Full Disclosure mailing list archives
Re: Security of phpBB
From: Aaron Horst <anthrax101 () gmail com>
Date: Mon, 20 Jun 2005 09:59:54 -0400
I've done some work on phpBB security (http://seclists.org/lists/fulldisclosure/2005/Feb/0547.html, http://www.phpbb.com/security/final_reports.php?p=2) and would not personally commend them on their security record and responses.

I've gone through the code base and there are probably no remaining obvious issues, but I am sure that there are many subtle errors remaining. The code is just not designed with security in mind.

I would also like to point out that they are liable to hide security issues that they consider non-serious, and this has bitten them before. (See highlight exploit. They ignored it for a while because they didn't think it could be exploited.)

AnthraX101

On 6/20/05, Tom Edwards <topbeachwear () hotmail de> wrote:
> Hi,
>
> I am new to this list and to security in general so please excuse my question. A friend told me that our forum software phpBB is not very secure and told me about this. Where can I get information on that? What must I do to make it secure?
>
> Thank you.
>
> Kind regards,
> Tom Edwards, Manager
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
--
AnthraX101
--
PGP Key ID# 0x4CD6D0BD
Fingerprint: 8161 D008 3DAB 86C1 2CA3 AEDE 0E21 DBDE 4CD6 D0BD
Current thread:
- Security of phpBB Tom Edwards (Jun 20)
- Re: Security of phpBB bugtraq (Jun 20)
- Re: Security of phpBB Moritz Naumann (Jun 20)
- Re: Security of phpBB Daniel (Jun 20)
- Re: Security of phpBB Tom Edwards (Jun 20)
- Re: Security of phpBB Daniel (Jun 20)
- Re: Security of phpBB Aaron Horst (Jun 20)
- Re: Security of phpBB milw0rm Inc. (Jun 20)
- Re: Security of phpBB nick johnson (Jun 21)
- Re: Security of phpBB milw0rm Inc. (Jun 21)
- Re: Security of phpBB nick johnson (Jun 21)
- Re: Security of phpBB nick johnson (Jun 21)
- <Possible follow-ups>
- Re: Security of phpBB nick johnson (Jun 20)