DeveloperSide.NET Forums
Topic: Article phpBB Mods is incorrect
« on: November 17, 2006, 06:58:48 PM »

Problem: phpBB displays "Powered by phpBB 'version'" at the bottom of each page. This allows an individual to search Google, or any other Search Engine, for all domains/websites that are running specific older versions of phpBB -- which are known to have vulnerabilities and exploits.

phpBB hasn't displayed the version number at the bottom for quite some time. If it does, it means phpBB hasn't been updated properly.

Solution: Update phpBB version string to '2.x.x'.


Log in to MySQL. Enter SQL query...
REPLACE INTO phpbb2.phpbb_config (config_name, config_value) VALUES('version', '.x.x');

Doing this will break the update notification in the admin panel, and is unnecessary since phpBB doesn't display the version number in the footer. It also harms the Support Team when someone asks for help and doesn't know what version they are running.

Just an FYI.

Support Team Leader, phpBB
« Reply #1 on: November 17, 2006, 11:45:42 PM »

Maybe around version 2.0.12/15? I just never really got to updating that Guide.
I've removed that section and have added new info.

Now if only someone could tell me why all lines that start with a '#' in quotes/code are not being displayed after a backup I did some time ago, and why my mysqldumps of phpbb data after MySQL 4.0 -> 4.1 upgrade are now only half the size of the backup I get via phpBB's admin interface, I would be set.

Advanced PHP and MySQL Solutions for your Web Design and Development needs with Web.Developer Server Suite.
« Reply #2 on: February 04, 2007, 10:49:11 PM »

Yep, Techie-Micheal has a point. It's easier for would-be hackers/script kiddies to get a foothold into vuln systems, which can easily be found through Google using simple search queries like (examples):
inurl:service.pwd or inurl:userlist or intitle:"Index of" php.cgi  or "index of" / lck
See what that brings up. There is one I know that is for this exact vuln but won't post it here!

But you get the point: anything that you can remove from the installation package that can be indexed from the outside world, like Google bots (and others), remove it, or simply put, lose it! And it's not just Google bots you have to worry about; there is a whole host of similar SEs that you can do this trick on...
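
A way to check your own forum's rendered pages for the footer banner discussed in this thread, added here as an example that is not part of any post above. The function and class names are hypothetical and the sample HTML is constructed; it flags "Powered by <product> <version>" only when the version has concrete numeric parts, so a bare "Powered by phpBB" or a masked "2.x.x" passes.

```python
import re
from html.parser import HTMLParser


class _VisibleText(HTMLParser):
    """Collects visible text so a banner split across tags is still matched."""

    def __init__(self):
        super().__init__()
        self.chunks = []
        self._skip = 0  # depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)


# Product name followed by a dotted, fully numeric version (e.g. 2.0.11).
BANNER = re.compile(r"Powered by\s+([A-Za-z][\w.-]*)\s+v?(\d+(?:\.\d+)+)\b", re.I)


def find_version_banners(html):
    """Return [(product, version), ...] for every version-bearing banner."""
    parser = _VisibleText()
    parser.feed(html)
    parser.close()
    text = re.sub(r"\s+", " ", " ".join(parser.chunks))
    return [(m.group(1), m.group(2)) for m in BANNER.finditer(text)]


if __name__ == "__main__":
    # Constructed sample footers, not captured from a real site.
    samples = {
        "outdated": '<div>Powered by <a href="#">phpBB</a> 2.0.11 &copy; 2001</div>',
        "masked": "<div>Powered by <a>phpBB</a> 2.x.x</div>",
        "no version": "<p>Powered by phpBB</p>",
    }
    for name, html in samples.items():
        hits = find_version_banners(html)
        print(f"{name}: {'DISCLOSES ' + str(hits) if hits else 'ok'}")
```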