XSS injection on 3.0.10
Forum rules
Please post any phpBB 3.1.x related topics in the forum.
Please post any phpBB 3.1.x related topics in the forum.
-
MudkipzRule
- New member
- Posts: 5
- Joined: 19 Aug 2012, 01:31
- [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
XSS injection on 3.0.10
I've got a user on my forum who has found a XSS injection spot somewhere on my site. He has hijacked the admins accounts many times and refuses to share the exploit? Has anyone had this happen? Does anyone know where he would be injecting? If I find, I'll share here.
-
bonelifer
- Administrator
- Posts: 477
- Joined: 24 Jun 2006, 17:48
- Real name: William
- Location: htpc.MythBuntu [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
Re: XSS injection on 3.0.10
There are no known exploits in phpBB. You most likely either have an unpublished(ie not in the MODDB) mod installed. Much more likely than that though is that another third party software is being exploited such as an outdated WordPress install or some other exploitable software. A less likely but still possible explanation is that your host has insecure or improperly configured software on their servers. For instance one major webhost out there had/has way to permissive permissions set on their shared hosting.
Return to “phpBB 3.0.x "Olympus" discussion”
Who is online
Users browsing this forum: No registered users and 4 guests