phpbb.com was hacked
June 1st, 2009

As many of you know, phpBB is one of the most widely used open source forum engines. phpBB may have millions of users, and it should protect them from being hacked. Yet the project's official site, phpbb.com, was hacked a few days ago and is still under maintenance. The break-in started when the attacker spotted a ‘gateway’ through a phpList exploit (http://www.milw0rm.com/exploits/7778). This is not a how-to for hacking a phpBB forum, but it is still worth reading.

Here’s an excerpt of the phpbb.com hacking story:

And eventually found my way to their error log /home/logs/phpbb.com/error_log. After a little looking I figured out that their forums were running off /home/virtual/phpbb.com/community/. Well, it has been known for some time that you can include code in the error log. So I wanted to run some code. Well, in PHPBB3 the avatars are located in a folder called /home/virtual/phpbb.com/community/images/avatars/upload and your avatar is called (secret hash)_userid.jpg. But I didn’t know what the secret hash was to include my picture (that had my own code in it), so by using the error log I injected code
And figured out that their hash is f51ee61fe7a83fdf72780912bced0855. So now every time I want to upload run code against the server I can include this: /../../../../../../home/virtual/phpbb.com/community/images/avatars/upload/f51ee61fe7a83fdf72780912bced0855_ID.jpg

Read the rest of the story here : http://hackedphpbb.blogspot.com/
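
A defender's view of the technique in the excerpt, as an added example that is not part of the original post or the quoted write-up: a Python scan of web access-log lines for request parameters that traverse into the log and avatar-upload directories named above. The log lines, the script path and the `page` parameter are constructed for illustration, and resolving each value as if it reached the filesystem root is an assumption of this sketch.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Directories named in the excerpt; no request parameter should resolve into them.
SENSITIVE_PREFIXES = ("/home/logs/", "/home/virtual/phpbb.com/community/images/avatars/upload/")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode several times so multiply-encoded separators are not missed."""
    for _ in range(max_rounds):
        value = unquote(value)
    return value

def classify_value(value):
    """Return the reasons a parameter value looks like a local file inclusion."""
    v = fully_decode(value).replace("\\", "/")
    reasons = []
    if ".." in v.split("/"):
        reasons.append("traversal")
    # Heuristic (assumption): resolve as if the traversal reached the filesystem root.
    resolved = posixpath.normpath("/" + v.lstrip("/"))
    if resolved.startswith(SENSITIVE_PREFIXES):
        reasons.append("sensitive-target")
    return reasons

def scan(lines):
    """Return (line_number, parameter, reasons) for each suspicious parameter."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for name, value in parse_qsl(urlsplit(match.group(1)).query):
            reasons = classify_value(value)
            if reasons:
                hits.append((number, name, reasons))
    return hits

# Constructed sample lines; the script path and the "page" parameter are hypothetical.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Feb/2009:10:00:00 +0000] "GET /community/viewtopic.php?f=1&t=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Feb/2009:10:01:00 +0000] "GET /example/index.php?page=/../../../../../../home/logs/phpbb.com/error_log HTTP/1.1" 200 900',
    '203.0.113.9 - - [01/Feb/2009:10:02:00 +0000] "GET /example/index.php?page=..%2F..%2Fhome%2Fvirtual%2Fphpbb.com%2Fcommunity%2Fimages%2Favatars%2Fupload%2FHASH_ID.jpg HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A hit on a request that returned 200 is worth correlating with the error log and the upload directory's file listing for the same time window.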

