
As you may know, phpBB is one of the most widely used open source forum engines. phpBB may have millions of users, and it should protect them from being hacked. Yet the official phpBB site, phpbb.com, was hacked a few days ago, and it is still under maintenance as of now. The break-in started when the attacker spotted a 'gateway' through a phpList exploit (http://www.milw0rm.com/exploits/7778). This is not a how-to for hacking a phpBB forum, but it is still worth reading.
Here's an excerpt from the phpbb.com hacking story:
And eventually found my way to their error log /home/logs/phpbb.com/error_log. After a little looking I figured out that their forums were running off /home/virtual/phpbb.com/community/. Well, it has been known for some time that you can include code in the error log. So I wanted to run some code. Well, in PHPBB3 the avatars are located in a folder called /home/virtual/phpbb.com/community/images/avatars/upload and your avatar is called (secret hash)_userid.jpg. But I didn't know what the secret hash was to include my picture (that had my own code in it), so by using the error log I injected code
And figured out that their hash is f51ee61fe7a83fdf72780912bced0855. So now every time I want to upload run code against the server I can include this: /../../../../../../home/virtual/phpbb.com/community/images/avatars/upload/f51ee61fe7a83fdf72780912bced0855_ID.jpg
Read the rest of the story here : http://hackedphpbb.blogspot.com/
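For defenders, the excerpt points at two things to check: include parameters that resolve outside their intended directory, and uploaded avatars that carry PHP tags. The following is an added example, not code from phpBB, phpList or the original story; the include base directory, the function names and all sample values are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Locations named in the excerpt that an include parameter must never reach.
SENSITIVE_PREFIXES = (
    "/home/virtual/phpbb.com/community/images/avatars/upload/",
    "/home/logs/",
)
ASSUMED_BASE = "/home/virtual/phpbb.com/lists/admin"  # hypothetical include base
# "<?php" or "<?=" inside image bytes; "<?=" can rarely match random binary data.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def decode_fully(value, rounds=3):
    """Undo nested URL-encoding (%252e -> %2e -> .) and cut at a NUL byte."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.split("\x00", 1)[0]


def classify_include(value, base=ASSUMED_BASE):
    """Resolve base + value as the filesystem would and label the result."""
    relative = decode_fully(value).lstrip("/")
    resolved = posixpath.normpath(posixpath.join(base, relative))
    if any(resolved.startswith(p) for p in SENSITIVE_PREFIXES):
        return "sensitive", resolved
    if not resolved.startswith(base + "/"):
        return "escapes-base", resolved
    return "ok", resolved


def image_has_php(data):
    """True when the bytes of an uploaded avatar contain a PHP open tag."""
    return PHP_TAG.search(data) is not None


if __name__ == "__main__":
    # Constructed parameter values, as they might appear in an access log.
    samples = [
        "help.php",
        "../../index.php",
        "%2e%2e%2f" * 6 + "home/logs/phpbb.com/error_log%00.php",
    ]
    for s in samples:
        print(classify_include(s), "<-", s)
```

The same resolve-then-compare logic is what the application itself should apply before any include, rejecting the request rather than only logging it.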
"phpbb.com was hacked" was posted on February 7th, 2009 by admin. This post is filed under: News, Security, Forums, Languages, Open source, PHP, Phpbb, Programming, Scripts, Uploading and downloading.
Just wanted to say hello all. This is my first post.
I would like to learn a lot here.
Hi everyone
I’m looking to get my own shared hosting plan, and I’m just wondering if you have any reviews regarding the best hosting company…
Regarding my website stats:
300 Daily visitor
2 Domain
1 Data transfer needed
20 Bandwidth included
Many thanks for helping, any advice is welcome