Input passed in a signature is not properly sanitised before being used in "privmsg.php" and "viewtopic.php". This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed.

The vulnerability has been reported in version 2.0.13. Other versions may also be affected.

For more details please visit http://secunia.com/advisories/14475/

Hi;

What we can dot o solve this problem? phpBB dont have a 2.0.14 realase or similar.

Regards;
Rui

There should be a newer release that fixes this, but please contact support and they can patch your current installs (or show you how).

charles

Gosh... use vbulletin!!! ;) But really, thats one of the reasons why i moved away from phpBB. It's open source: have a busy server, someone wants to be a jerk- ooops apached is down;(...

phpBB has so many patches for so many different exploits honestly. Just my .02-

I dont want move.

I'm a moderator of phpBB Brasilian Team and founter of phpBB Portugal Team. :P

It have many exploits, because it's a open code. For example... Invision dont have many updates, but is paid.

I dont want move.

I'm a moderator of phpBB Brasilian Team and founter of phpBB Portugal Team. :P

It have many exploits, because it's a open code. For example... Invision dont have many updates, but is paid.


Yeah but with open source material- thats an exploit aready. To each his own...

To solve this vulnerability before 2.0.14 disable HTML signatures and HTML topics (administration panel > configuration).

Yeah but with open source material- thats an exploit aready. To each his own...

This is a GROSS over generalization. Please don't forget that 99% of your linux VPS is running on open source software that is not vulnerable or flawed.

charles

I cant understend why people hack GLP projects... its free, ;)


ps: I use Windows.
It isnt open source. :o

Hi.

phpBB have a real vuln.

See: a translation of my post (in my forum): here (http://translate.google.com/translate?u=http%3A%2F%2Fwww.forunsbb.com%2Fforum% 2Fviewtopic.php%3Ft%3D2708&langpair=pt%7Cen&hl=pt-PT&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools)

Right..., phpBB users try this:

Open incluides/sessions.php
Fint: $userdata['user_id'] = ANONYMOUS;
In the next line, put: $userdata['user_level'] = USER;
And again... (twice)


PS: may i post the exploit here? :D

There is already a new version that should fix those problems:

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=281963

Yep, can be downloaded here -
http://www.phpbb.com/downloads.php

This is a GROSS over generalization. Please don't forget that 99% of your linux VPS is running on open source software that is not vulnerable or flawed.

charles

I have to aggree 100% with you, Charles. Even more - closed code is a security flaw #1 in my opinion. Just look at encryption software which has 100% open and publically available algorythms. Closed code = 100% vulnerable code...

Just my 2c.

This is a GROSS over generalization. Please don't forget that 99% of your linux VPS is running on open source software that is not vulnerable or flawed.

charles

Perhaps an over generalization, yes it is. I did forget about our important software backing (ie linux in general). What i should of said is phpBB is VERY popular and in HEAVY usage that it gets exploited.