This post was imported from an old blog archive, and predates the creation of AdamCaudill.com.
In the latest round of embarrassing updates, the phpBB Group has released a new version of phpBB, 2.0.13, to fix a large and obvious security error that allows anyone to gain admin rights; and, just to make it better, it works on all versions < 2.0.13. With a POC floating around, let the hacking begin.
Update: A working exploit has been released, showing just how simple it is to wreak havoc.
This is yet another blow to phpBB; it’s had a number of recent issues like this, which makes you wonder how long it’ll take for them to actually take security seriously.
An exploit is not required.
The following proof of concept demonstrating cookie values necessary to authenticate to the numerical id ‘2’ account, typically the administrator account, is available:
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D
(Source)
PHPBB Authentication Bypass Vulnerability
phpBB 2.0.13 released – Critical Update
Wow, the summer’s over and I’m finally home!
After spending the last five months in New York (quite a difference from my native Florida), I’ve finally made it back home. Much has happened while I’ve been away, not the least of which is the death of Imspire and a few related projects. While giving up on these dreams has been difficult, I believe the result will be for the best.
Yesterday the news hit of a new vulnerability that threatens the security of all code, dubbed Trojan Source by researchers from the University of Cambridge. From an initial analysis, it does seem to impact just about everything, and the status of fixes is very hit or miss at this point. But the real question is, does this even matter? Is this issue worth spending your time on? Let’s look closer.
Note: This was written in 2012, but not published at the time. The point is still valid, perhaps more so than ever, and deserves to be made publicly. The content has been updated as appropriate, though the core of this article remains intact from the 2012 draft. I would like to note that this doesn’t apply to every environment; there are some where developers are very knowledgeable about security and write code with minimal issues – my current employer happens to be one of those rare & exciting places.
Earlier this year, a vulnerability was discovered in the Jackson data-binding library, a library for Java that allows developers to easily serialize Java objects to JSON and vice versa, which allowed an attacker to exploit deserialization to achieve Remote Code Execution on the server. This vulnerability didn’t seem to get much attention, and even less documentation. Given that this is an easily exploited Remote Code Execution vulnerability with little documentation, I’m sharing my notes on it.
Brave is a web browser available for multiple platforms that aims to provide additional security and privacy features – plus a novel monetization scheme for publishers. I gave it 30 days to see if it was worth using. I switched on all platforms I use to give it a fair shot; I normally use Chrome, which made the switch less painful, though the results were very much mixed. There are some things I honestly liked about it, some things I really disliked, and at least one thing that just made me mad.