EXEC exploit in phpBB - fix Nov 18 2004 12:33PM
Paul S. Owen (paul0x01 starstreak net)
Following additional information supplied to us by a party other than
"howdark.com" we can confirm the existence of a serious exploit in phpBB, in
all versions below 2.0.11.

We will not post concept of proof information given the seriousness of this
issue. Unfortunately howdark.com group have chosen to as a personal vendetta
against phpbb.com.

We are preparing full, changed files and patch based releases which fix this
issue (and several other bugs/issues). While we are testing this we urge all
phpBB users to implement the fix given in the following announcement at


Please spread this information far and wide, all hosting providers if
possible please inform your users. Anyone copying the howdark.com exploit
_please_ ensure you also include details of the fix noted in the above post!

PS: Thanks to the bugtraq moderators for moderating out a previous post of
mine, ta muchly for that :)

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus