phpBB Private Message Vulnerability fix
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Y! MyWeb
Share:
Sponsors:
The bug can allow attackers to obtain password hashes, all existing users of phpBB 2.0.x make the change specified below, it is highly recommended.
To fix this flaw please open modules/Private_Messages/index.php in any text editor and follow the following instruction posted.... Find:
$pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
Replace with:
$pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
The difference between the two lines is the deleted dot after $pm_sql_user.
Article submitted by: Telli
Last Update: 03-29-2004
Category: News
Current rating: 5 by 26 users
| Would you recommend this article to a friend? |
| Not a Chance | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Absolutely |
Related News Stories
(16,378 reads) 12-02-2007
· Don't Fall for Jury Duty Scam(14,134 reads) 07-20-2007
· 500MB Free hosting [No-Ads No-Spamming](31,410 reads) 12-24-2006
· phpBB 2.0.22 and BBtoNuke 2.0.22 released(13,512 reads) 11-12-2006
· Tag Craig Launches Article-Publicity for Webmasters(16,216 reads) 08-05-2006
· Vista hacked at Black Hat.(13,458 reads) 08-04-2006
· Dozen Windows, Office updates coming next week.(14,018 reads) 07-19-2006
· Microsoft Lawsuits Help Protect Consumers.(13,681 reads) 07-18-2006
· Symantec sees an Achilles' heel in Vista.(14,383 reads) 06-20-2006
· GOW Arcade Comptition 17th June - 17th July !! Prize For...(14,315 reads) 06-19-2006
· ResellersPanel.com Launches Private DNS Cluster Packages
Please register or sign-in to post comments.