2.0.17 hacked(?) just before upgrading to 2.0.18 :/

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
GmbH
Registered User
Posts: 4
Joined: Mon Oct 31, 2005 6:19 pm

Post by GmbH »

Hello!

Today someone logged in as Administrator and posted a message to the forum. My forum was 2.0.17 with the user agent and quick reply mods. I'm almost sure that he couldn't guess the password for the Administrator account. Is there any known vulnerability in 2.0.17 which could be used to log in as Administrator? What side effects could this hack have (did he only log in and post, or could he also log in to the admin panel, although he would need to bypass the second login)?

Best regards!

'Lene
Registered User
Posts: 47
Joined: Fri Jul 08, 2005 8:33 am

Post by 'Lene »

Were you using Internet Explorer?

Did you have avatar uploads enabled?

GmbH
Registered User
Posts: 4
Joined: Mon Oct 31, 2005 6:19 pm

Post by GmbH »

Nope, I'm using FF, also avatar upload was disabled...

GmbH
Registered User
Posts: 4
Joined: Mon Oct 31, 2005 6:19 pm

Post by GmbH »

Btw, the Administrator account hasn't been used since the beginning... I'm using my own account to log in as an admin user...

Taipo
Registered User
Posts: 174
Joined: Fri Jan 07, 2005 9:25 pm

Post by Taipo »

How was it hacked?

Peter77s
Registered User
Posts: 260
Joined: Fri Sep 17, 2004 8:18 pm
Location: Michigan

Post by Peter77s »

What MODs do you have, if any... and are they from phpbb.com?

GmbH
Registered User
Posts: 4
Joined: Mon Oct 31, 2005 6:19 pm

Post by GmbH »

As I said, someone logged in (or did it some other way) with the Administrator account and posted a message to the forum, so I suppose if he could post as Administrator he could do anything else...

I've installed Quick reply http://www.phpbb.com/phpBB/viewtopic.php?t=287126
and slightly modified user agent mod from:
http://linuxweb.cyb3r.org/archives/view ... sc&start=0
