XSS injection on 3.0.10

MudkipzRule
New member
Posts: 5
Joined: 19 Aug 2012, 01:31

XSS injection on 3.0.10

Post by MudkipzRule »

I've got a user on my forum who has found an XSS injection spot somewhere on my site. He has hijacked the admins' accounts many times and refuses to share the exploit. Has anyone had this happen? Does anyone know where he would be injecting? If I find it, I'll share it here.
bonelifer
Administrator
Posts: 477
Joined: 24 Jun 2006, 17:48
Real name: William
Location: htpc.MythBuntu

Re: XSS injection on 3.0.10

Post by bonelifer »

There are no known exploits in phpBB. You most likely either have an unpublished (i.e. not in the MODDB) mod installed. Much more likely than that, though, is that another third-party software is being exploited, such as an outdated WordPress install or some other exploitable software. A less likely but still possible explanation is that your host has insecure or improperly configured software on their servers. For instance, one major webhost out there had/has way too permissive permissions set on their shared hosting.