phpBB2Refugees.com Logo
Not affiliated with or endorsed by the phpBB Group

Register •  Login 

Continue the legacy...

Welcome to all phpBB2 Refugees!Wave Smilie

This site is intended to continue support for the legacy 2.x line of the phpBB2 bulletin board package. If you are a fan of phpBB2, please, by all means register, post, and help us out by offering your suggestions. We are primarily a community and support network. Our secondary goal is to provide a phpBB2 MOD Author and Styles area.

php 5.2.7 allows major vulnerabilities for phpBB 2.x


 
Search this topic... | Search Board Announcements... | Search Box
Register or Login to Post    Index » Board Announcements  Previous TopicPrint TopicNext Topic
Author Message
phpBB2 Refugees
Camp Leader
Camp Leader



Joined: 24 Jul 2008

Posts: 90
Location: I Live Here


flag
PostPosted: Mon Dec 08, 2008 11:09 am 
Post subject: php 5.2.7 allows major vulnerabilities for phpBB 2.x

Acyd Burn posted this announcement at phpbb.com related to a bug in php (not phpbb) that allows SQL Injection attacks on phpBB 2.x boards. We are not running an affected version of php on this site, but if you are running phpbb2.x on php 5.x you should check immediately.

Acyd Burn wrote:
Hello,

The PHP group has retracted PHP 5.2.7. The security issue in PHP 5.2.7 has dire security implications for phpBB2 installations. For phpBB3 the issue can result in cosmetic problems.

If you have already updated to that version, it is essential that you turn the setting "magic_quotes_gpc" to off in your php.ini file and update, promptly, to PHP 5.2.8 when it becomes available.


More details on Stefan Esser's blog.

If you are unsure how to find out which version of php you are running it is really quite simple. The solution requires you to be able to ftp a small php program up to your board's server and run it. After running it you should remove the file, as there's no reason to keep it around and it does expose unnecessary information to the public. Here is the code:
Code:
<?php
phpinfo();
?>

When you run that, you will get a dump of your php configuration, and the version will be displayed right up at the top of the page.

_________________
Long Live phpBB2 icon_biggrin.gif
This post has been reported for Other. The current status is Closed / Resolved.
Moderator phpBB2 Refugees closed this report Click for Details
Back to top
Display posts from previous:   
Register or Login to Post    Index » Board Announcements  Previous TopicPrint TopicNext Topic
Page 1 of 1 All times are GMT - 4 Hours
 
Jump to:  

Index • About • FAQ • Rules • Privacy • Search •  Register •  Login 
Not affiliated with or endorsed by the phpBB Group
Powered by phpBB2 © phpBB Group
Generated in 0.0365 seconds using 16 queries. (SQL 0.0066 Parse 0.0004 Other 0.0294)
phpBB Customizations by the phpBBDoctor.com
Template Design by DeLFlo and MomentsOfLight.com Moments of Light Logo