I received an email from one of my hosting providers; the message read, in no uncertain terms:
"Dear customer,
US-CERT has warned of a publicly released exploit that takes advantage of a vulnerability in the VIEWTOPIC.PHP script used by phpBB.
CERT confirms having seen reports of attack attempts carried out with this exploit, but has not verified the existence of systems that have been compromised. The problem occurs because VIEWTOPIC.PHP does not correctly filter certain inputs with certain parameters.
A patch for this vulnerability was already incorporated in version 2.0.11, although it seems that this did not adequately resolve the problem. There is, however, a new version, 2.0.16, which definitively fixes this problem.
All phpBB installations not updated within 72 hours will be removed from the server.
We appreciate your cooperation.
Sincerely,"
Looking through the blogs on BlogsPerú I found this news item about some hacked websites, which I assume were hit using this bug:
TELEVISIÓN NACIONAL DEL PERÚ, CPN RADIO AND AMÉRICA TV HACKED (Observatorio de Medios)
I immediately said to myself: *"myself, we have to update the forums". The email included a link to a tutorial for patching that file and fixing the bug:
Here is the link: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=302011
What you have to do is find the file viewtopic.php and:
Replace:
$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', $highlight_match) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
With:
$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', addslashes($highlight_match)) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
(The escaping backslashes, which the page rendering had stripped from both lines, are restored here to match the phpBB 2.0.15 and 2.0.16 sources.)
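The only difference between the two lines is addslashes() around $highlight_match. The reason it matters: the `e` modifier on the outer preg_replace() makes PHP evaluate the replacement string as code, and $highlight_match (the `highlight` query parameter) is spliced straight into that code inside single quotes, so a quote character in the URL ends the string literal and whatever follows runs as PHP. addslashes() escapes the quote so the value stays a string. The `e` modifier was deprecated in PHP 5.5 and removed in PHP 7.0, so on a current PHP the patched line above no longer runs at all. The following is an added example, not phpBB's code, of how the same highlighting can be done without evaluating any string: the user terms are quoted with preg_quote(), and the replacement is a callback rather than generated source. The function name highlight_terms(), the $color parameter and the sample HTML are assumptions made for this example.

```php
<?php
// Added example (not phpBB's own code): keyword highlighting with no /e
// modifier. $message is HTML already rendered by the board; $highlight is the
// raw "highlight" query parameter, terms separated by spaces (assumed layout).
function highlight_terms($message, $highlight, $color = '0000ff')
{
    // Split the user-supplied terms and quote every regex metacharacter, so a
    // term can only ever match itself literally ("wor.d" does not match "world").
    $terms = array_filter(array_map('trim', explode(' ', $highlight)), 'strlen');
    if (empty($terms)) {
        return $message;
    }
    $quoted = array_map(function ($t) { return preg_quote($t, '#'); }, $terms);
    $term_re = '#\b(' . implode('|', $quoted) . ')\b#i';

    // $1 is resolved by preg_replace() itself; nothing here is PHP source.
    $span = '<span style="color:#' . htmlspecialchars($color, ENT_QUOTES) . '"><b>$1</b></span>';

    // Rewrite only the text between tags, so attributes are never touched. The
    // message is wrapped in ">...<" exactly as the board does, so the first and
    // last text nodes are matched too, and the wrapper is trimmed off at the end.
    $out = preg_replace_callback(
        '#>([^<]*)<#',
        function ($m) use ($term_re, $span) {
            return preg_replace($term_re, $span, $m[0]);
        },
        '>' . $message . '<'
    );
    return substr($out, 1, -1);
}

// Constructed sample input: the highlight value carries a quote and a regex
// metacharacter, the two things that made the original line dangerous.
$html = '<p>Hello world, say "hello" again.</p>';
echo highlight_terms($html, "hello say'n wor.d"), "\n";
// Both occurrences of "hello" are wrapped (case-insensitively); "say'n" and
// "wor.d" simply match nothing, and no part of the parameter is evaluated.
```

The design point is that the user's input never becomes code: it is data for preg_quote(), and the replacement is a fixed string handed to preg_replace(). addslashes() patches the symptom by escaping one character class; removing the evaluation step removes the bug class.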
* A phrase from "brother putrefy" of hueving.com
15 Responses to "phpBB 2.0.16 forum update"
So that I don't forget:
http://www.canalphotoshop.com/personalgallery/
http://fotoblog.avatartek.com/
http://wiki.photoblogs.org/wiki/Photoblog_Scripts_and_Programs