Facebook
Twitter
T
tekmage
Guest
EV1 notifed me this morning of a compromised site that was using phpBB. I've managed to change the effected file, but I'd like to do a full upgrade. Does Plesk have a new updated rpm for phpBB to close this exploit down?
it is in forum/viewtopic.php
and is not a root level exploit
in the above file to fix it (though i would recomend upgrading)
replace
$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
with:
$words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));
it is in forum/viewtopic.php
and is not a root level exploit
in the above file to fix it (though i would recomend upgrading)
replace
$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
with:
$words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));