mailing list archives
Re: Privilege Escalation Vulnerability In phpBB 2.0.0
From: x x <hellokitty998877 () yahoo com>
Date: Mon, 28 Oct 2002 11:34:02 -0800 (PST)
Note: phpBB versions above 2.0.0 are not vulnerable.
Note that there are alot of modified/hacked versions
of phpbb floating around the Net, such as the
phpbbtonuke port for phpnuke. The phpbb port for
phpnuke55 and 56 uses phpbb2.0, and there is no patch
or available port upgrade.
As a workaround solution, you can restrict access to
the admin directory by using Apache htaccess basic
auth (see mod_access, mod_auth, htpasswd). Might want
to do this anyway even if you do upgrade to a more
recent phpbb package (layered security is a good
P.S. Don't bother replying to the disposable
hellokitty998877 email account. Send replies to
ken . williams at ey . com
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
- Re: Privilege Escalation Vulnerability In phpBB 2.0.0 x x (Oct 28)