Page 1 of 1
patch
Posted: Sat Mar 19, 2005 2:11 am
by JensJohansson
http://www.securityfocus.com/archive/1/392481 .. patched.
Why doesn't phpbb.com's own forum site inspire so much confidence in me today........ ? ? ? ?
http://www.phpbb.com/phpBB/
Code: Select all
phpBB : Critical Error
Could not obtain lastvisit data from user table
DEBUG MODE
SQL Error : 1030 Got error 134 from table handler
SELECT u.*, s.session_time, s.session_id FROM (phpbb_users u LEFT JOIN phpbb_sessions s ON s.session_user_id = u.user_id) WHERE u.user_id = -1 ORDER BY s.session_time DESC
Line : 116
File : sessions.php
also i saw this today:
http://www.securityfocus.com/columnists ... f=rssdebia .
stratovarius.com runs solaris i think. i'm too much of a pussy to see if a fork bomb hangs it
but if you have access to a linux shell and feel like trying it, just type
and see if that kills the machine. if it works, you can then atleast thumb your nose at root for a few minutes before he permanently kicks you off his machine
Re: patch
Posted: Sat Mar 19, 2005 4:58 am
by iron_thunder
*clare's head explodes*
Re: patch
Posted: Sat Mar 19, 2005 8:11 am
by fifthtea_sausage
This one goes for all phpBB versions up to 2.0.13. While applying and testing the
patch for the autologin bug I found that phpBB2 doesn't reset the $userdata['user_level']
variable after a failed autologin.
I ruptured my pancreas from reading this.
Thats a lot of people with a lot of problems.
Re: patch
Posted: Sat Mar 19, 2005 8:40 am
by iron_thunder
fifthtea_sausage wrote:This one goes for all phpBB versions up to 2.0.13. While applying and testing the
patch for the autologin bug I found that phpBB2 doesn't reset the $userdata['user_level']
variable after a failed autologin.
I ruptured my pancreas from reading this.
Thats a lot of people with a lot of problems.
peoples' responses to this stuff is really hilarious.
i actually laughed really, really loudly when i read that. thanks, fifthtea. you brought joy to my day
And Jens... eh, keep doing what you're doing
Re: patch
Posted: Sat Mar 19, 2005 4:34 pm
by Neorave
Isn't it wonderful we live in a world where technology is growing faster and faster, and yet we can't even fix one simple goddamn problem with PHP.
Let's just go back to old school programming...BASIC!
Re: patch
Posted: Sat Mar 19, 2005 7:23 pm
by cliff
Nothing is better than a .htaccess with DENY FROM ALL...
Actually yep.
unplugged any www machine from network, and then no more risk !
Re: patch
Posted: Sat Mar 19, 2005 8:22 pm
by NordicStorm
Neorave wrote:Isn't it wonderful we live in a world where technology is growing faster and faster, and yet we can't even fix one simple goddamn problem with PHP.
The obvious solution, then, would perhaps be to take out PHP of the equation altogether. Or, the poor sods coding phpBB
Let's just go back to old school programming...BASIC!
Hellz yeah! I had a Spectravideo SV-328 with Microsoft Basic v1.2. I think managed to create a simple spaceshooter game, after that I moved on to more state-of-the-art computing...Amiga 500.
Re: patch
Posted: Sat Mar 19, 2005 11:08 pm
by Paola
That day they finished to me confirming a thing with respect to the security of php, because a thing that badly seems to me done is that the this activated way which guests enter, since day I saw as they jackearon a forum of catastrophic way and as until now he tries to recover
