DeveloperSide.NET Forums
July 18, 2019, 08:42:47 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News:
 
   Home   Help Search Login Register  
Pages: [1]
  Print  
Author Topic: Article phpBB Mods is incorrect  (Read 27329 times)
0 Members and 1 Guest are viewing this topic.
Techie-Micheal
Member
*
Posts: 1


View Profile
« on: November 17, 2006, 06:58:48 PM »

http://www.devside.net/articles/phpbb

Quote
Problem: phpBB displays "Powered by phpBB 'version'" at the bottom of each page. This allows an individual to search Google, or any other Search Engine, for all domains/websites that are running specific older versions of phpBB -- which are known to have vulnerabilities and exploits.


phpBB hasn't displayed the version number at the bottom for quite some time. If it does, it means phpBB hasn't been updated properly.

Quote
Solution: Update phpBB version string to '2.x.x'.

Method:

Login into MySQL. Enter SQL query...
REPLACE INTO phpbb2.phpbb_config (config_name, config_value) VALUES('version', '.x.x');


Doing this will break the update notification in the admin panel, and is unnecessary since phpBB doesn't display the version number in the footer. It also harms the Support Team when someone asks for help and doesn't know what version they are running.

Just an FYI.

Techie-Micheal
Support Team Leader, phpBB
Logged
admin
Administrator
Master of All Subjects
*****
Posts: 3272


View Profile WWW Email
« Reply #1 on: November 17, 2006, 11:45:42 PM »

Maybe around version 2.0.12/15?. I just never really got to updating that Guide.
I've removed that section and have added new info.

Now if only someone could tell me why all lines that start with a '#' in quotes/code are not being displayed after a backup I did some time ago, and why my mysqldumps of phpbb data after MySQL 4.0 -> 4.1 upgrade are now only half the size of the backup I get via phpBB's admin interface, I would be set.
Logged

DeveloperSide.NET
Advanced PHP and MySQL Solutions for your Web Design and Development needs with Web.Developer Server Suite.
majika
Member
*
Posts: 14


View Profile
« Reply #2 on: February 04, 2007, 10:49:11 PM »

Yep Techie-Micheal has a point. Its easier for wood be hackers/ script kiddies to get a foot hold into vuln systems which will can easily be found through Google using a simple search querys like (Examples)
Code:
inurl:service.pwd or inurl:userlist or intitle:"Index of" php.cgi  or "index of" / lck see
  what that brings up. There is one I know that is for this exact vuln but wont post it here !

But you get the point anything that you can remove from the installation package that can be indexed from the outside world like google bots (and others) remove it or simply put loose it ! and its not just google bots you have to worry about there is a whole host of similar SE that you can do this trick on...
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.9 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!