XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Modules Support forums / 
  3. Module usage questions 
  4.  / NewBB print exploit?
Register
1
icepick66
NewBB print exploit?

  • 2007/9/6 18:34

  • icepick66

  • Just popping in

  • Posts: 20

  • Since: 2004/9/25


NewBB version installed: Newbb 2 (2.02)
Xoops protector picked up somone trying to exploit newbb's print page:
2007/8/29 11:41:08      Guests      200.46.200.3
libwww-perl/5.43     ISOCOM     Isolated comment-in found. (17400/*/newbb/print.php?forum=*topic_id=*http://148.245.107.2/.ssh/safe.txt?)
    2007/8/29 11:31:38     Guests     222.236.44.50
libwww-perl/5.79     ISOCOM     Isolated comment-in found. (17400/*/newbb/print.php?forum=*topic_id=*http://148.245.107.2/.ssh/safe.txt?)

Just concurned for people who dont have protector installed
2
mortuk
Re: NewBB print exploit?

  • 2007/9/6 21:33

  • mortuk

  • Not too shy to talk

  • Posts: 122

  • Since: 2005/12/13


old version - why u use this?
3
Peekay
Re: NewBB print exploit?

  • 2007/9/6 22:39

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


CBB is based on NewBB so much of the same code may be used in CBB. It would be good to know from the developer if this is a real vulnerability.
A thread is for life. Not just for Christmas.
4
zyspec
Re: NewBB print exploit?

  • 2007/9/7 1:52

  • zyspec

  • Module Developer

  • Posts: 1095

  • Since: 2004/9/21


I just looked at CBB (ver 3.05) and it sanatizes the 'forum' and 'topic_id' input variables - so this may be from an older version of NewBB (although ver 2.0.2 appears to sanitize this correctly too).

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

184 user(s) are online (105 user(s) are browsing Support Forums)

Members: 0

Guests: 184

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Apr 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits