13 replies to this topic

[iBotPeaches]

There is an exploit in the phpBB3 system, which allowed any password through some url()rewrite to call anyone's password into plain text.

I'm too tired to post the rest. The exploit has been patched.


EDIT: Here is most of what I know.


An exploit for phpBB3 was released on public hacking forums everywhere. It was a simple hack that grabbed passwords. I didn't know that was the hack so I didn't defend from it. I now found it, and updated to phpBB3.0.2 which prevents this. Any user who exploited this board is perm banned. I'm gathering users now and starting the ban filters. The passwords are being required to change just because some users may still have your password.

[Laxmonster54♥]

sounds great. This really got me worried because the Hacker dumped the database to a hacking website. so I downloaded just in case but I guess I can delete it now..... lol

[iBotPeaches]

sounds great. This really got me worried because the Hacker dumped the database to a hacking website. so I downloaded just in case but I guess I can delete it now..... lol

I have 29 mods installed, and a customized style that I made changes to that all do queries towards the SQL. You would need all my server files, not just the phpBB3 root files to run my board correctly. So were safe there.

[Dark Slipstream]

Great to know another exploit is patched.

I am searching through an underground forum at the moment for any exploits, anything I find I will tell you over MSN only. There was one pack that had a few things, I'll have to contact someone to get it again.

In the meantime, any hacks or exploits found for phpbb* on this site, remove them. Even if they are in VIP.

[fattwam]

im happy we are finally back up

[Xx Legacy xX]

Happy as hell,

do you mind me asking whats gonna happen to some of the hackers?

[Dark Slipstream]

do you mind me asking whats gonna happen to some of the hackers?

Add me on AIM: Dark Siipstream

We can discuss this further on that note.

or if you want my MSN, please ask Peaches, fattwam, Snail, or blacklabel for it.

[Obito Kajuo]

Who was the hacker?

[I AM T3RROR]

Who was the hacker?

To my knowledge it was a mix of hyperstorm, shotspartan, and haxalot

[SmokiestGrunl]

Who was the hacker?

To my knowledge it was a mix of hyperstorm, shotspartan, and haxalot

To my knowledge hyperstorm and haxalot are the same person

[iBotPeaches]

I'm missing 6000 attachments. This is a pain. I have no clue where to look for them, or how they just automatically deleted themselves.

[Dark Master]

well, personally i hate to see any site ofline due to hacking so i got in contact with the "authorities" in my area and they said they added it to there "watch list" which is probably good to be on as it should make hackers a little more scared about what there going to do and if its worth it to have the fbi show up at your door.

nice job getting it back up peach

[CubanLegend]

so if i reset my password now, i should be safe right?

This wont happen again right? i cant afford for the current password to get out. XD

[SmokiestGrunl]

so if i reset my password now, i should be safe right?
Correct, unless you have malware on your computer (which you would of obtained NOT from this site)

This wont happen again right? i cant afford for the current password to get out. XD
It will never happen again. The so called "hacker" is a noob and he will never be able to do it again.

Edited by SmokiestGrunl, 16 July 2008 - 08:19 PM.