fixyourserver.com

A lot of stuff and things…

May 7, 2009

phpBB viewtopic exploit

So the kiddies are at it again.  Sending out spam from a hole in the phpBB’s latest code.

Open viewtopic.php in your favorite text editor.    Find the following section of code:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
// Split words and phrases
$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));

for($i = 0; $i < sizeof($words); $i++)
{

and replace with:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
// Split words and phrases
$words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));

for($i = 0; $i < sizeof($words); $i++)
{

All fixed!  Wasn’t that easy?  😉

In Uncategorized

Previous Post

Leave a Reply

October 23, 2019

RabbitMQ, Rancher and Azure Kubernetes

January 17, 2018

Upgrading from CentOS-Extras docker to Docker Community Edition

October 13, 2016

yay

© 2021 fixyourserver.com

Theme by Anders Norén