XSS injection on 3.0.10

Discuss phpBB 3.0.x in general.
Forum rules
Please post any phpBB 3.1.x related topics in the phpBB 3.1.x discussion forum.
MudkipzRule
New member
New member
Posts: 5
Joined: 19 Aug 2012, 01:31

XSS injection on 3.0.10

Postby MudkipzRule » 21 Aug 2012, 06:16

I've got a user on my forum who has found a XSS injection spot somewhere on my site. He has hijacked the admins accounts many times and refuses to share the exploit? Has anyone had this happen? Does anyone know where he would be injecting? If I find, I'll share here.

User avatar
bonelifer
Administrator
Administrator
Posts: 476
Joined: 24 Jun 2006, 17:48
Real name: William
Location: htpc.MythBuntu

Re: XSS injection on 3.0.10

Postby bonelifer » 21 Aug 2012, 12:48

There are no known exploits in phpBB. You most likely either have an unpublished(ie not in the MODDB) mod installed. Much more likely than that though is that another third party software is being exploited such as an outdated WordPress install or some other exploitable software. A less likely but still possible explanation is that your host has insecure or improperly configured software on their servers. For instance one major webhost out there had/has way to permissive permissions set on their shared hosting.


Return to “phpBB 3.0.x "Olympus" discussion”

Who is online

Users browsing this forum: Bing [Bot], CommonCrawl [Bot], Google [Bot] and 0 guests