heres a link to a topic on the phpBB site about the recent PHP exploits that were found.
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=248046
PHP exploits...
Moderator: MaxCoderz Staff
-
- Extreme Poster
- Posts: 479
- Joined: Fri 17 Dec, 2004 11:09 pm
- Contact:
-
- Calc Wizard
- Posts: 659
- Joined: Mon 20 Dec, 2004 4:00 am
- Location: My Computer/Someone else's computer
- Contact:
yeah my board too. If you're still unsure, take a look at the bottom. It says 2.0.11
"Not long ago, the Black Gate of Armonk swung open. The lights went out, my skin crawled, and dogs began to howl. I asked my neighbor what it was and he said, 'Those are the nazgul. Once they were human, now they are IBM's lawyers.'"
-
- Extreme Poster
- Posts: 479
- Joined: Fri 17 Dec, 2004 11:09 pm
- Contact:
it has nothing to do with phpBB, it has to do the actual php version. only ones pre 4.31 are affected i think.currahee wrote:yeah my board too. If you're still unsure, take a look at the bottom. It says 2.0.11
phpBB (in its original form) isnt compatible with php 5. you have to modify it somehow to get it to work properly. i dunno how tho...
Speaking of php(bb in this case), should you it even allow an an avatar that big?
You've seen the posts, now see the sites!
http://hiddenuniverse.blogspot.com
http://teoryn.deviantart.com
http://hiddenuniverse.blogspot.com
http://teoryn.deviantart.com
heres some news posted on the php website today
php.net wrote:A Note on Security in PHP
[31-Dec-2004] PHP is a powerful and flexible tool. This power and flexibility comes from PHP being a very thin framework sitting on top of dozens of distinct 3rd-party libraries. Each of these libraries have their own unique input data characteristics. Data that may be safe to pass to one library may not be safe to pass to another.
A recent Web Worm known as NeverEverSanity exposed a mistake in the input validation in the popular phpBB message board application. Their highlighting code didn't account for double-urlencoded input correctly. Without proper input validation of untrusted user data combined with any of the PHP calls that can execute code or write to the filesystem you create a potential security problem. Despite some confusion regarding the timing of some unrelated PHP security fixes and the NeverEverSanity worm, the worm didn't actually have anything to do with a security problem in PHP.
When we talk about security in a web application we really have two classes. Remote and Local. Every remote exploit can be avoided with very careful input validation. If you are writing an application that asks for a user's name and age, check and make sure you are only getting characters you would expect. Also make sure you are not getting too much data that might overflow your backend data storage or whatever manipulation functions you may be passing this data to. A variation of the remote exploit is the XSS or cross-site scripting problem where one user enters some javascript that the next user then views.
For Local exploits we mostly hear about open_basedir or safemode problems on shared virtual hosts. These two features are there as a convenience to system administrators and should in no way be thought of as a complete security framework. With all the 3rd-party libraries you can hook into PHP and all the creative ways you can trick these libraries into accessing files, it is impossible to guarantee security with these directives. The Oracle and Curl extensions both have ways to go through the library and read a local file, for example. Short of modifying these 3rd-party libraries, which would be difficult for the closed-source Oracle library, there really isn't much PHP can do about this.
When you have PHP by itself with only a small set of extensions safemode and open_basedir are generally enough to frustrate the average bad guy, but for critical security situations you should be using OS-level security by running multiple web servers each as their own user id and ideally in separate jailed/chroot'ed filesystems. Better yet, use completely separate physical servers. If you share a server with someone you don't trust you need to realize that you will never achieve airtight security.