patch

[JensJohansson]

http://www.securityfocus.com/archive/1/392481 .. patched.

Why doesn't phpbb.com's own forum site inspire so much confidence in me today........ ? ? ? ?

http://www.phpbb.com/phpBB/

Code: Select all

phpBB : Critical Error 

Could not obtain lastvisit data from user table

DEBUG MODE

SQL Error : 1030 Got error 134 from table handler

SELECT u.*, s.session_time, s.session_id FROM (phpbb_users u LEFT JOIN phpbb_sessions s ON s.session_user_id = u.user_id) WHERE u.user_id = -1 ORDER BY s.session_time DESC

Line : 116
File : sessions.php 

also i saw this today: http://www.securityfocus.com/columnists ... f=rssdebia .

stratovarius.com runs solaris i think. i'm too much of a pussy to see if a fork bomb hangs it

but if you have access to a linux shell and feel like trying it, just type

Code: Select all

perl -e "fork while fork" 

and see if that kills the machine. if it works, you can then atleast thumb your nose at root for a few minutes before he permanently kicks you off his machine

[iron_thunder]

*clare's head explodes*

[fifthtea_sausage]

This one goes for all phpBB versions up to 2.0.13. While applying and testing the
patch for the autologin bug I found that phpBB2 doesn't reset the $userdata['user_level']
variable after a failed autologin.

I ruptured my pancreas from reading this.


Thats a lot of people with a lot of problems.

[iron_thunder]

This one goes for all phpBB versions up to 2.0.13. While applying and testing the
patch for the autologin bug I found that phpBB2 doesn't reset the $userdata['user_level']
variable after a failed autologin.

I ruptured my pancreas from reading this.


Thats a lot of people with a lot of problems.

peoples' responses to this stuff is really hilarious.

i actually laughed really, really loudly when i read that. thanks, fifthtea. you brought joy to my day
And Jens... eh, keep doing what you're doing

[Neorave]

Isn't it wonderful we live in a world where technology is growing faster and faster, and yet we can't even fix one simple goddamn problem with PHP.

Let's just go back to old school programming...BASIC!

[cliff]

Nothing is better than a .htaccess with DENY FROM ALL...

Actually yep.
unplugged any www machine from network, and then no more risk !

[NordicStorm]

Isn't it wonderful we live in a world where technology is growing faster and faster, and yet we can't even fix one simple goddamn problem with PHP.

The obvious solution, then, would perhaps be to take out PHP of the equation altogether. Or, the poor sods coding phpBB

Let's just go back to old school programming...BASIC!

Hellz yeah! I had a Spectravideo SV-328 with Microsoft Basic v1.2. I think managed to create a simple spaceshooter game, after that I moved on to more state-of-the-art computing...Amiga 500.

[Paola]

That day they finished to me confirming a thing with respect to the security of php, because a thing that badly seems to me done is that the this activated way which guests enter, since day I saw as they jackearon a forum of catastrophic way and as until now he tries to recover