fixyourserver.com

A lot of stuff and things…

phpBB viewtopic exploit

So the kiddies are at it again, sending out spam through a hole in phpBB’s latest code.

Open viewtopic.php in your favorite text editor and find the following section of code:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
	// Split words and phrases
	$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));

	for($i = 0; $i < sizeof($words); $i++)
	{

and replace it with the following (the only change is that the urldecode() call is gone):

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
	// Split words and phrases
	$words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));

	for($i = 0; $i < sizeof($words); $i++)
	{

All fixed!  Wasn’t that easy?  😉
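
Why dropping urldecode() matters, as an added example that is not part of the original post or of phpBB's code: PHP has already URL-decoded the query string once, so the extra call decodes the value a second time, after any quote escaping applied to request input has already run. The helper names, the sample values and the use of addslashes() as that input escaping are assumptions made for the illustration.

```php
<?php
// Added illustration, not phpBB code.

// The original viewtopic.php expression: a second urldecode() on the value.
// ENT_COMPAT is explicit because it was the default when this code was written
// and leaves single quotes alone (PHP 8.1+ defaults to ENT_QUOTES).
function words_original(string $value): array
{
    return explode(' ', trim(htmlspecialchars(urldecode($value), ENT_COMPAT)));
}

// The replacement expression: the value is used as PHP delivered it.
function words_fixed(string $value): array
{
    return explode(' ', trim(htmlspecialchars($value, ENT_COMPAT)));
}

// True when a single quote is not directly preceded by a backslash.
function has_unescaped_quote(array $words): bool
{
    return preg_match("/(?<!\\\\)'/", implode(' ', $words)) === 1;
}

// Constructed query-string values, as they would appear on the wire.
$samples = ['foo+bar', 'it%27s', 'it%2527s'];

foreach ($samples as $wire) {
    // PHP decodes the query string once before filling the GET array.
    $get = urldecode($wire);
    // Assumption: request input gets quote escaping (addslashes here) before
    // viewtopic.php reads it.
    $get = addslashes($get);

    printf(
        "%-9s original=%-8s unescaped quote: %-3s | fixed=%-8s unescaped quote: %s\n",
        $wire,
        implode(' ', words_original($get)),
        has_unescaped_quote(words_original($get)) ? 'yes' : 'no',
        implode(' ', words_fixed($get)),
        has_unescaped_quote(words_fixed($get)) ? 'yes' : 'no'
    );
}
```

Only the double-encoded sample behaves differently between the two versions: the original expression turns it back into a bare quote after escaping has run, while the fixed expression leaves it as inert text.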


© 2017 fixyourserver.com
