Re: [Full-disclosure] Security of phpBB
From: Aaron Horst (anthrax101gmail.com)
Date: Mon Jun 20 2005 - 08:59:54 CDT
I've done some work on phpBB security
(http://www.phpbb.com/security/final_reports.php?p=2) and would not
personally commend them on their security record and responses. I've
gone through the code base and there are probably no remaining obvious
issues, but I am sure that there are many subtle errors remaining. The
code is just not designed with security in mind.
I would also like to point out that they are liable to hide security
issues that they consider non-serious, and this has bitten them before
(See highlight exploit. They ignored it for a while because they
didn't think it could be exploited.)
On 6/20/05, Tom Edwards <topbeachwearhotmail.de> wrote:
> I am new to this list and to security in general so please excuse my
> question. A friend told me that our forum software phpBB is not very secure
> and told me about this. Where can I get information on that? What must I do
> to make it secure?
> Thank you.
> Kind regards,
> Tom Edwards, Manager
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
AnthraX101 -- PGP Key ID# 0x4CD6D0BD
8161 D008 3DAB 86C1 2CA3 AEDE 0E21 DBDE 4CD6 D0BD