 |
|
 |
|
- Readme First! -
Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 286 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
SQL injection vulnerability |
|
|
Posted on Monday, November 10 @ 12:59:43 CET by IACOJ |
|
|
|
|
| |
|
Average Score: 1
Votes: 1
|
|
|
|
|
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
| No Comments Allowed for Anonymous, please register | | | | |
Re: SQL injection vulnerability (Score: 1)
by Daniel-cmw on Monday, November 10 @ 14:56:25 CET
(User Info | Send a Message) | /modules/Forums/profile.php
We are currently testing everything related to this,
Make sure you have a backup of the old file before making changes |
]
Re: SQL injection vulnerability (Score: 1)
by Mesum on Monday, November 10 @ 14:59:14 CET
(User Info | Send a Message) http://www.desitribe.com | Yeah, I made the changes as it was told but I got some errors.
Refer to the phpbb.com is not a valid link. |
]
Re: SQL injection vulnerability (Score: 1)
by Johan1982 on Monday, November 10 @ 20:01:37 CET
(User Info | Send a Message) | | The Link is certain does phpBB.com does not work, in addition seeing the page to phpBB they have not published anything on that, not even the new news have published, would be good that it was investigated. |
]
Re: SQL injection vulnerability (Score: 1)
by Johan1982 on Monday, November 10 @ 20:14:17 CET
(User Info | Send a Message) | | A thing I have paid attention, to Nuke 6.0 with phpBB ported by Tom, is not used the profile of phpBB, if the one of the Nuke (and they are different) this does not mean that possibly it does not have that vulnerability? |
]
]
Re: SQL injection vulnerability (Score: 1)
by Johan1982 on Monday, November 10 @ 23:28:26 CET
(User Info | Send a Message) | | That well, I was seeing the one of the profiles, and Nuke 6.0 with phpBB can use profile.php of the Forum phpBB. |
]
| | | | |
Re: SQL injection vulnerability (Score: 1)
by IACOJ on Tuesday, November 11 @ 09:39:29 CET
(User Info | Send a Message) | Hi everyone.
Please don't assume inserting the code that was suggested, in the original phpbb post works to make your site secure. In point of fact it does not. We will release a patch once the exploits are found and fixed. Until then, my best suggestion is to change the chmod of modules/Forums/admin folder to 000.
Yes that means you can't go in there to do anything, but it also means that someone else can't go in there and lock your board out, change your permissions etc
We were hoping to have something released for you last night, obviously that didn't occur. |
| | | | | |
|
