|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 124
Members: 0
Total: 124
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
PhpBB 2.0.10 |
|
Posted: Fri Sep 03, 2004 5:41 pm |
|
|
worse1980 |
Beginner |
|
|
Joined: Sep 02, 2004 |
Posts: 4 |
|
|
|
|
|
|
|
hi waraxe
hi guys
what about PhpBB 2.0.10 waraxe nothing new about it are u working
to find some hole on this!
thx eny way |
|
|
|
|
Posted: Fri Sep 03, 2004 10:40 pm |
|
|
Roberto |
Regular user |
|
|
Joined: Sep 01, 2004 |
Posts: 8 |
|
|
|
|
|
|
|
i think he doesn't want to waste time with it
u know 2.1.x and 2.2.x is on the way as recommended versions
still lots of bugs in these betas. |
|
|
|
|
|
|
|
|
Posted: Sat Sep 04, 2004 11:27 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
PhpBB new versions are even more secure than previous versions. And reason is - even, if "register_globals=on", you can't poison the global variable space, because all the stuff will be smashed up.
From "common.php":
Code: |
if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on')
{
$var_prefix = 'HTTP';
$var_suffix = '_VARS';
$test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV');
foreach ($test as $var)
{
if (is_array(${$var_prefix . $var . $var_suffix}))
{
unset_vars(${$var_prefix . $var . $var_suffix});
@reset(${$var_prefix . $var . $var_suffix});
}
if (is_array(${$var}))
{
unset_vars(${$var});
@reset(${$var});
}
}
if (is_array(${'_FILES'}))
{
unset_vars(${'_FILES'});
@reset(${'_FILES'});
}
if (is_array(${'HTTP_POST_FILES'}))
{
unset_vars(${'HTTP_POST_FILES'});
@reset(${'HTTP_POST_FILES'});
}
}
|
So, what's the big deal with that? Well, chances to find new holes are reduced greatly, believe me |
|
|
|
|
|
|
|
|
Posted: Fri Sep 10, 2004 1:37 am |
|
|
worse1980 |
Beginner |
|
|
Joined: Sep 02, 2004 |
Posts: 4 |
|
|
|
|
|
|
|
thx waraxe
we all trust u & we know what u can do
|
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|