phpbb2 or phpbb*



Newby_Programme
10-08-2006, 01:18 AM
Hey, just wondering, but what's secure and not secure on phpbb* and phpbb2?

Ezekiel
10-08-2006, 04:24 AM
Hey, just wondering, but what's secure and not secure on phpbb* and phpbb2?

I don't understand your question...

toast
10-08-2006, 08:30 PM
Hey, just wondering, but what's secure and not secure on phpbb* and phpbb2?

phpBB* is not really that secure. There are a few coding flaws, and when edited it can stall/crash the server.

phpBB2 is secure as best as it can be.

http://www.phpbb.com/
Toast

Halla
10-11-2006, 01:08 AM
One thing that's really annoying me about phpbb is how it adds users to the users table BEFORE they confirm... which totally defeats the purpose of CAPTCHA and valid email confirmations and kills me with spam bots.

I've seen a few hacks/mods for this, but honestly until it's changed in the general architecture... bleh.

Newby_Programme
10-11-2006, 11:49 AM
Hmm, OK then, well what's the best way of coming across an exploit? Like how can I find an exploit in phpbb2?

And I know I've seen many things about fake pages but I do not understand it very well. Can someone please explain it to me please? I know I'll get flamed but it's worth a try.

Ezekiel
10-11-2006, 01:17 PM
Hmm, OK then, well what's the best way of coming across an exploit? Like how can I find an exploit in phpbb2?


Gain an extensive knowledge of the scripting languages involved and of web application security (>2 years), then examine all the scripts in the web application for places where user input is not sufficiently filtered. These places could lead to XSS, or SQL injection.

Or, you could find examples of where actions (post message, send PM, change password, etc) are not confirmed by a captcha, and you have an XSRF vulnerability. Using this method I could easily cripple this forum we're posting on with one post linking to a script on my site which uses javascript to force users to make a post linking to the script, more people click, they unknowingly make a post, forum is taken down as more people click and the forum is filled with junk. It's hard to explain, but it's like a worm.

Or you could find places where email forms are not filtered and are vulnerable to header injection.

Or you could do hundreds of other things to compromise the forum's security.


And I know I've seen many things about fake pages but I do not understand it very well. Can someone please explain it to me please? I know I'll get flamed but it's worth a try.

You only understand fake login pages when you know about the scripting languages. Trying to learn about them without knowledge in those areas is pointless.
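
Added example (not part of any post in this thread, and not phpBB's own code): a common server-side defence against the XSRF scenario described above is a per-session token bound to each action, used here in place of the captcha confirmation the post mentions. The function names and action labels are hypothetical, and the demonstration values are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; these are not phpBB functions.

/** Create the per-session secret once, at login, and keep it server-side. */
function new_session_secret(): string
{
    return random_bytes(32);
}

/** Token the server embeds as a hidden field in the form for one action. */
function csrf_token(string $sessionSecret, string $action): string
{
    // Binding the token to the action stops a token leaked from one form
    // being reused to authorise a different action.
    return hash_hmac('sha256', $action, $sessionSecret);
}

/** Call this before performing any state-changing action. */
function csrf_check(string $sessionSecret, string $action, ?string $submitted): bool
{
    if ($submitted === null || $submitted === '') {
        return false; // a request built on another site carries no token
    }
    // hash_equals compares in constant time, so the token cannot be
    // recovered byte by byte through response timing.
    return hash_equals(csrf_token($sessionSecret, $action), $submitted);
}

// Constructed demonstration: one session, one rendered "post message" form.
$secret    = new_session_secret();
$formToken = csrf_token($secret, 'post_message');

$cases = [
    'form submitted from the forum itself' => csrf_check($secret, 'post_message', $formToken),
    'request with no token'                => csrf_check($secret, 'post_message', null),
    'token reused for change_password'     => csrf_check($secret, 'change_password', $formToken),
    'token checked against another session' => csrf_check(new_session_secret(), 'post_message', $formToken),
];

foreach ($cases as $label => $ok) {
    printf("%-40s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

Only the first case is accepted; the other three are rejected because the browser of a logged-in user sends the session cookie automatically but cannot supply a token that the other site never saw.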

Newby_Programme
10-11-2006, 10:12 PM
Hmm, OK, so I'm guessing PHP scripting would be good to learn? And some javascripting would be fine too, yeah?

And I'll do my research on XSS, or SQL?

Then once I've got a very good idea of both over time, then will I be able to do it?
And is there anything else I should know?

So to find out if these are filtered or not filtered I should check the source and find the input?

Ezekiel
10-12-2006, 11:19 AM
Hmm, OK, so I'm guessing PHP scripting would be good to learn? And some javascripting would be fine too, yeah?

Well, HTML, XHTML, XML, CSS, JavaScript, PHP and Perl are all common languages in use on the web, but whatever you start with, it will help. HTML/XHTML should naturally be first if you don't know them already.


And I'll do my research on XSS, or SQL?

Both are common vulnerabilities, so both are good to have a knowledge of.


Then once I've got a very good idea of both over time, then will I be able to do it?

Yeah if you're intelligent and patient, I don't see why not.


And is there anything else I should know?

...Everything about websites and browsers? More knowledge is better - knowledge is power.


So to find out if these are filtered or not filtered I should check the source and find the input?

You would examine the source, yes.

Newby_Programme
10-13-2006, 11:02 PM
Arhh k, well so far I'm OK with HTML, it ain't a big problem, I can read it and write it with no problems. So far I'm going very, very well in this SQL injection: I tried it on a site and I got in. I used Mickymouse' -- in the login page to get a pass, then I used mickymouse' -- again, but this time the pass had this in it '

Thanks for the help

cguy23
10-28-2006, 04:27 AM
Could someone please hack into this account and send me the password? I haven't logged into it for a while and can't remember the password, and I tried having Photobucket email me the password but the email never comes. I'd really appreciate it if someone could. The account is http://smg.photobucket.com/albums/v2*/driv*thru_me/. Email me at catsrule**2*@hotmail.com. Thanks a lot =)

alexo
11-10-2006, 01:44 AM
Hey, just wondering, but what's secure and not secure on phpbb* and phpbb2?

Vbulletin ...