Highlighting vulnerability in phpBB 2.x

Team Member Joined: 06 Jan 2002 Posts: 2564

All versions of phpBB 2 are affected by this vulnerability. It can be exploited by linking to a forum with malicious code in the query string (something like this: viewtopic.php?id=1234&highlight=malicious code here).

Find out more: http://www.phpbb.com/phpBB/viewtopic.php?p=330627#330627

If you need any help with applying the fix, just ask!

Posted: Fri Nov 22, 2002 7:41 pm (21 years, 5 months ago)

I put the fix in but but I get a parse error.

I'm going to check I didn't miss something, but did you have that problem?

Team Member Joined: 06 Jan 2002 Posts: 2564

No, I didn't (but then I didn't follow those instructions - I made the changes from CVS). What line is it on? And what is on that line (of course!)?

Otherwise, try downloading the whole viewtopic.php file from CVS, if you don't have any mods in that file.

Posted: Fri Nov 22, 2002 7:51 pm (21 years, 5 months ago)

I took it off as people were using the board Laughing

but I believe it said 451, doesn't look like anything out of place

It might be the last change in the instuctions
its certainly throwing the syntax colouring in my text editor - looks like the php tag
but that might be nothing

Never used CVS before can you point me right at the file, as I'm having trouble finding it?
Thanks

Team Member Joined: 06 Jan 2002 Posts: 2564

Hi Darren,

Here is the latest version of viewtopic.php from CVS:

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/phpbb/phpBB2/viewtopic.php?rev=1.186.2.11&only_with_tag=phpBB-2_0_0&content-type=text/vnd.viewcvs-markup

Posted: Fri Nov 22, 2002 8:02 pm (21 years, 5 months ago)

Thanks!
All seems to be working Very Happy