Search for
Login | Username Password Forgot? | Email: | Create Account
Technology / Internet | Entries: 325 | Views: 6024 | Modified: 7 months ago | | Add to My Feeds
Report was hacked
June 1st, 2009
Screenshot of the default phpBB thread that ap...
Image via Wikipedia

As all of you might know , phpbb is one of the most used open source forum engine. Phpbb might have millions of users , and Phpbb should protect their users from being hacked. And the fact is that the official site of phpbb , which is was hacked within few days ago ! and is still under maintenance up to now. The hacking of started when the attacker spotted a ‘gateway’ to attempt the break-in through phpList exploit ( . Well it’s not a how to hack phpbb forum , but it’s still good to be read.

Here’s the exceprt of the hacking story :

And eventually found my way to their error log /home/logs/ After a little looking I figured out that their forums were running off /home/virtual/ well it has been known for some time that you can include code in the error log. So I wanted to run some code, well in PHPBB3 the avatars are located in a folder called /home/virtual/ and your avatar is called (secret hash)_userid.jpg. But I didn’t know what the secret has was to include my picture (that had my own code in it) so by using the error log I injected code
And figured out that their hash is f51ee61fe7a83fdf72780912bced0855. So now every time I want to upload run code against the server I can include this: /../../../../../../home/virtual/

Read the rest of the story here :

More from แนวคิดใหม่ในแบบคาสิโนออนไลน์

Is milw0rm dead ? 09 Jul 9 hacked 09 Feb 7
Browser Fuzzer 2 09 Jan 28

^ Back To Top