phpbb.com was hacked


As many of you know, phpBB is one of the most widely used open source forum engines. phpBB might have millions of users, and it should protect them from being hacked. Yet the official phpBB site, phpbb.com, was hacked a few days ago and is still under maintenance as of this writing. The break-in started when the attacker found a ‘gateway’ in through a phpList exploit (http://www.milw0rm.com/exploits/7778). This is not a how-to for hacking a phpBB forum, but it is still worth reading.

Here’s the excerpt of the phpbb.com hacking story:

And eventually found my way to their error log /home/logs/phpbb.com/error_log. After a little looking I figured out that their forums were running off /home/virtual/phpbb.com/community/. Well, it has been known for some time that you can include code in the error log. So I wanted to run some code. Well, in PHPBB3 the avatars are located in a folder called /home/virtual/phpbb.com/community/images/avatars/upload and your avatar is called (secret hash)_userid.jpg. But I didn’t know what the secret hash was to include my picture (that had my own code in it), so by using the error log I injected code
And figured out that their hash is f51ee61fe7a83fdf72780912bced0855. So now every time I want to upload run code against the server I can include this: /../../../../../../home/virtual/phpbb.com/community/images/avatars/upload/f51ee61fe7a83fdf72780912bced0855_ID.jpg

Read the rest of the story here : http://hackedphpbb.blogspot.com/
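
For defenders, the excerpt describes two things worth checking for: an uploaded avatar that carries PHP code, and a request value that resolves to a user-writable file once the `../` segments are collapsed. The sketch below is an added example, not code from the original story or from phpBB; `BASE` is a hypothetical include directory, `HASH_ID.jpg` is a placeholder file name, and the sample bytes are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical directory the application intends to include files from.
BASE = "/srv/app/lang"
# Locations a forum user can influence (paths as given in the excerpt).
WRITABLE = ("/home/virtual/phpbb.com/community/images/avatars/upload",
            "/home/logs/phpbb.com")
# PHP runs "<?php" or "<?=" found anywhere in a file it include()s.
PHP_TAG = re.compile(rb"<\?(?:php|=)", re.IGNORECASE)


def has_embedded_php(data: bytes) -> bool:
    """Upload-time check: does an image carry a PHP open tag?"""
    return PHP_TAG.search(data) is not None


def check_include(base: str, value: str):
    """Return a reason if a request-supplied include value is unsafe, else None."""
    decoded = unquote(value)
    while decoded != value:  # canonicalize: decode until the value is stable
        value, decoded = decoded, unquote(decoded)
    # Mirror naive string concatenation, then collapse "." and ".." segments.
    resolved = posixpath.normpath(base + "/" + decoded)
    if any(resolved.startswith(w + "/") for w in WRITABLE):
        return "targets user-writable location"
    if resolved != base and not resolved.startswith(base + "/"):
        return "escapes base directory"
    return None


# Constructed sample inputs (not captured from the incident).
CLEAN_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(32) + b"\xff\xd9"
TAGGED_JPEG = CLEAN_JPEG[:-2] + b"<?php /* constructed marker */ ?>" + b"\xff\xd9"
AVATAR_PARAM = ("/../../../../../../home/virtual/phpbb.com/community/"
                "images/avatars/upload/HASH_ID.jpg")

if __name__ == "__main__":
    print(has_embedded_php(CLEAN_JPEG), has_embedded_php(TAGGED_JPEG))
    for v in ("english.php", AVATAR_PARAM, "%2e%2e%2f%2e%2e%2fetc/hosts"):
        print(repr(v), "->", check_include(BASE, v))
```

Re-encoding avatars on upload and including only from a fixed allow-list of file names removes both conditions rather than just detecting them.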


2 Responses to “phpbb.com was hacked”

  1. Just wanted to say hello all. This is my first post.

    I would like to learn a lot here.

  2. Hi everyone

    I’m looking to get my own shared hosting plan, and I’m just wondering if you have any review regarding the best hosting company…

    Regarding my website stat:

    300 Daily visitor
    2 Domain
    1 Data transfer needed
    20 Bandwidth included

    Many thanks for helping, any advice is welcome
