Posted by TerraFrost in Development, Modifications with the tags Development, phpBB, Security on February 12th, 2009
Notice
Some websites have claimed this article discloses an “injection vulnerability” in phpBB. It does not. What this post actually does is provide an overview of vulnerabilities commonly introduced by third-party modifications to phpBB and discuss what the authors of said modifications need to do to protect their code against attack.
Despite being among the easiest of vulnerabilities to understand, injection vulnerabilities are also among the most common. For most users, they will simply manifest themselves as an error when select characters are used, but a sufficiently adept user may be able to take that error and exploit it to their advantage.
To prevent this from happening, one needs to properly sanitize all user-definable variables. Unfortunately, the way one properly sanitizes a variable depends on where it’s being used. In this post, we’ll discuss how to sanitize variables for use in SQL queries and in HTML, in general and in phpBB3, and we’ll discuss what can happen if proper sanitization isn’t used.
Posted by battye in Modifications with the tags array, condition, for, if, loop, PHP, phpBB, statement, while on November 21st, 2008
If you want to make a MOD and you just don’t know where to start, I think the best thing to do is to look at existing MODs to see how other MOD authors go about doing certain tasks. If looking at an existing .php file makes absolutely no sense, type a keyword of what you don’t understand into the search box on http://www.php.net – in many cases it will be a PHP function that will be well explained and documented.
For this blog post, I will address the four basics of PHP. Understanding these concepts will give you a kick start into the world of PHP and MODding.
Posted by battye in Moderating with the tags Administrator, Community, phpBB on July 1st, 2008
The number one question most administrators ask is “how do I attract users to my website?” Unfortunately, there is no magical answer which will apply to everyone, but there are things which you can do as an administrator to ensure visitors to your forum will stick around long enough to register.
Once you have chosen your niche and set up your forum, you have a blank canvas. As a site administrator you have two levels to work on:
- A technical level, and;
- A user level
On the technical level, you are the webmaster and the forum administrator.