Web Hosting Forums

Results 1 to 5 of 5

This is a discussion on Re: phpBB security hole in the Hosting Talk & Chit-chat forum
http://aletiaforums.com/showthread.php?s=&threadid=1168 I just installed the phpBB v.1.4.4 that does include the fix.php. But how do I know the paths to fix.php are correct, and I ...

  1. #1
    Loyal Client
    Join Date
    Sep 2002
    Posts
    134

    Re: phpBB security hole

    http://aletiaforums.com/showthread.php?s=&threadid=1168

    I just installed the phpBB v.1.4.4 that does include the fix.php. But how do I know the paths to fix.php are correct, and I won't have a problem with this issue?

    I'm asking, because a couple threads on their support forums mentioned that if this isn't set correctly, there could be an issue.

    In auth.php - My include is as follows:

    if (strpos(' ' . $PHP_SELF, $url_admin))
    {
    include("../fix.$phpEx");
    }
    else
    {
    include("fix.$phpEx");
    }

    Is this correct? Or do I need to modify it to a direct path? I'm assuming that I am not receiving an error - this is correct, but I thought I'd just check.

    Thanx!
    Michelle

  2. #2
    alexodin
    Guest
    to be sure that your script is working(or included), make some syntax error in it than run and see if you get the "parse error" or something

  3. #3
    Loyal Client
    Join Date
    Sep 2002
    Posts
    134

    you're so smart!

    Okay, test worked!

    Thanx much for the tip!

    Regards,
    Michelle

    Originally posted by alexodin
    to be sure that your script is working(or included), make some syntax error in it than run and see if you get the "parse error" or something

  4. #4
    Loyal Client
    Join Date
    Jul 2001
    Posts
    267
    Also check out this link to test your phpBB forum:

    http://www.securiteam.com/unixfocus/5RP051F55G.html

    So if you are using phpBB, please upgrade it immediately to the latest version.

    Laura Brandt

  5. #5
    Loyal Client
    Join Date
    Nov 2001
    Posts
    180
    I was wondering if anyone knows if this security hole is still evident in phpBB v2.0 beta.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •