hey just woundering but whats secure and not secure on phpbb* and phpbb2?
hey just woundering but whats secure and not secure on phpbb* and phpbb2?
I don't understand your question...Originally Posted by Newby_Programme
phpBB* is not really that secure. There are a few coding flaws, and when edited it can stall/crash the server.Originally Posted by Newby_Programme
phpBB2 is secure as best as it can be.
[url]http://www.phpbb.com/[/url]
Toast
One thing thats really annoying me about phpbb is how it adds users to the users table BEFORE they confirm... which totally defeats the purpose of CAPTCHA and valid email confirmations and kills me with spam bots.
Ive seen a few hacks/mods for this, but honestly until its changed in the general architecture... bleh.
hmm ok then well whats the best way comming across a exploit? Like how can i find an exploit in phpbb2?
And i know ive seen many things on about fake pages but i do not understand its very well. Can someone please explain it to me please? I know ill get flamed but its worth a try.
Gain an extensive knowledge of the scripting languages involved and of web application security (>2 years), then examine all the scripts in the web application for places where user input is not sufficiently filtered. These places could lead to XSS, or SQL injection.Originally Posted by Newby_Programme
Or, you could find examples of where actions (post message, send PM, change password, etc) are not confirmed by a captcha, and you have a XSRF vulnerability. Using this method I could easily cripple this forum we're posting on with one post linking to a script on my site which uses javascript to force users to make a post linking to the script, more people click, they unknowingly make post, forum is taken down as more people click and the forum is filled with junk. It's hard to explain, but it's like a worm.
Or you could find places where email forms are not filtered and are vulnerable to header injection.
Or you could do hundreds of other things to compromise the forum's security.
You only understand fake login pages when you know about the scripting languages. Trying to learn about them without knowledge in those areas is pointless.And i know ive seen many things on about fake pages but i do not understand its very well. Can someone please explain it to me please? I know ill get flamed but its worth a try.
Last edited by Ezekiel; 10-11-2006 at 02:21 PM.
hmm ok so im guessing php scripting would be good to learn? and some javascripting would be fine to yea?
And ill do my research on XSS, or SQL?
Then once ive got a very good idea of both over time then will i be able to do it?
And is there anything else i should know?
So to find out if these are filterd or not filterd i should check the source and find the input?
Last edited by Newby_Programme; 10-12-2006 at 10:03 AM.
Well, html xhtml xml css javascript php perl are all common languages in use on the web, but whatever you start with it will help. HTML/XHTML should naturally be first if you don't know them already.Originally Posted by Newby_Programme
Both are common vulnerabilities, so both are good to have a knowledge of.And ill do my research on XSS, or SQL?
Yeah if you're intelligent and patient, I don't see why not.Then once ive got a very good idea of both over time then will i be able to do it?
...Everything about websites and browsers? More knowledge is better - knowledge is power.And is there anything else i should know?
You would examine the source, yes.So to find out if these are filterd or not filterd i should check the source and find the input?
arhh k well so far im ok with html aint a big problem i can read it and write it. With no problems. So far im going very very good in this SQL injection i tryed it on a site and i got in i used Mickymouse' -- in the login page to get a pass then i used mickymouse' -- again but this time the pass had this in it '
Thanx for the help
could someone please hack into this acount and send me the password, i havent logged into it for awhile and can't remember the password and i try having photobucket email me the password but the email never comes., id really appreciate it if someone could. the account is [url]http://smg.photobucket.com/albums/v2*/driv*thru_me/[/url]. email me at [email]catsrule**2*@hotmail.com[/email]. thanks alot =)
Vbulletin ...Originally Posted by Newby_Programme
[url=http://www.*-rx.com]Your Health Encyclopedia[/url] :: [url=http://www.home-tests.com] HIV Aids Test Kits[/url] :: [url=http://rx-s.net]RX-s.net[/url] :: [url=http://www.rxdrugnews.com]RXDrugNews.com[/url]