View previous topic :: View next topic |
Author |
Message |
Nite Administrator
Joined: 29 Jun 2003 Posts: 1085 Location: Purgatory
|
Posted: Thu Mar 18, 2004 5:56 pm Post subject: phpBB Calender Exploit |
|
|
atomix wrote: | friend of mine, hex has a friend named icer that discovered a 0day php vulnerability. u wont find it on any sites... allows you to do remote command execution due to a vulnerability in the calendar module of php. icer scored about 20 nobody shells with it... i only got 2 .... just a short warning... if you know friends who have hosting places or wanna save some hosting places u like, tell them to disable the calendar feature. the exploit string i wont disclose since i dont share 0days o_O |
Got this from another one of my phpBB forums. |
|
Back to top |
|
|
Whip-lash Kneel before me... for I am Root!
Joined: 20 Nov 2000 Posts: 573
|
Posted: Thu Mar 18, 2004 9:02 pm Post subject: |
|
|
Is this for a specific module of phpBB2? There aren't any extra modules installed that seem to match that description... |
|
Back to top |
|
|
Nite Administrator
Joined: 29 Jun 2003 Posts: 1085 Location: Purgatory
|
Posted: Thu Mar 18, 2004 9:55 pm Post subject: |
|
|
Not 100% sure if it's a module for phpBB, the quote I posted is all the information I currently have on it. If it's not a module, I would assume it's an entire other PHP system... ethier way, I figure it should be known about. |
|
Back to top |
|
|
Whip-lash Kneel before me... for I am Root!
Joined: 20 Nov 2000 Posts: 573
|
Posted: Sun Mar 21, 2004 6:54 pm Post subject: |
|
|
I've looked around and I'm thinking this must be concerning a separate module for phpBB2, possibly part of the phpBB2 portal project. Those modules aren't installed on this instance of phpBB2. The only one's I've installed are for Attachments and Visual Verification for Registration. |
|
Back to top |
|
|
|