XSS injection on 3.0.10
Forum rules
Please post any phpBB 3.1.x related topics in the phpBB 3.1.x discussion forum.
-
- New member
- Posts: 5
- Joined: 19 Aug 2012, 01:31
XSS injection on 3.0.10
I've got a user on my forum who has found an XSS injection spot somewhere on my site. He has hijacked the admins' accounts many times and refuses to share the exploit. Has anyone had this happen? Does anyone know where he would be injecting? If I find it, I'll share it here.
- bonelifer
- Administrator
- Posts: 477
- Joined: 24 Jun 2006, 17:48
- Real name: William
- Location: htpc.MythBuntu
Re: XSS injection on 3.0.10
There are no known exploits in phpBB. You most likely either have an unpublished (i.e. not in the MODDB) mod installed. Much more likely than that, though, is that another third-party software is being exploited, such as an outdated WordPress install or some other exploitable software. A less likely but still possible explanation is that your host has insecure or improperly configured software on their servers. For instance, one major webhost out there had/has way too permissive permissions set on their shared hosting.