Blog

Posts Tagged ‘Security’

How (not) to use request_var

Posted by igorw in Modifications with the tags , on September 10th, 2009

Note: This post is targeted at MOD authors and contains many technical details.

Introduction

Amongst the great security features that phpBB 3.0 provides is the function used for processing user input, request_var.  This function was designed to make it easy to securely retrieve user inputted data.  It is one of the most important security functions in a system that retrieves external data as it can (with caveats that will be elaborated upon) single-handedly stop XSS and SQL injection attacks dead in their tracks

The reason we have created this blog post is to give more information to modification developers on how to properly explain how this works and why you should use it.

Read the rest of this entry »

Tutorial: Injection Vulnerability Prevention

Posted by TerraFrost in Development, Modifications with the tags , , on February 12th, 2009


Notice
Some websites have claimed this article discloses an “injection vulnerability” in phpBB. It does not. What this post actually does is provide an overview of vulnerabilities commonly introduced by third-party modifications to phpBB and discusses what the authors of said modifications need to do to protect their code against attack.

Despite being among the easiest of vulnerabilities to understand, injection vulnerabilities are also among the most common. For most users, they will simply manifest themselves as an error when select characters are used, but a sufficiently adept user may be able to take that error and exploit it to their advantage.

To prevent this from happening, one needs to properly sanitize all user definable variables. Unfortunately, the way one properly sanitizes a variable depends on where it’s being used. In this post, we’ll discuss how to sanitize variables for use in SQL queries and in HTML, in general and in phpBB3, and we’ll discuss what can happen if proper sanitization isn’t used.

Read the rest of this entry »

Fighting CSRF

Posted by Kellanved in Development, Modifications with the tags , , on January 14th, 2009

Cross-Site-Request-Forgery, short CSRF, is a type of vulnerabilities that gets more and more attention. The concept can be translated as “tricking the browser into automatically performing some action using the user’s privileges”. Let’s see what phpBB does about it.

Read the rest of this entry »

Attachment Headaches with the Internet Explorer

Posted by Kellanved in Development, Modifications, Styles, Support with the tags , , on October 25th, 2008

Recently we got many bug reports about problems with the IE8 beta browsers. The problem is that we cannot accommodate beta browsers in our software – the next beta will break our adjustments. But why have we chosen to include some other IE8 features? The answer is simple: security

This post will give you insights into one of the more obscure security implications of file uploads.

Read the rest of this entry »

“Exploits from the crypt – let’s put them back”

Posted by Kellanved in Development with the tags , , , on July 6th, 2008

Yes, it is no secret that phpBB’s reputation regarding security has not yet recovered completely. We take every report about possible vulnerabilities seriously and are deeply grateful about reports on our security tracker. We give full credit for all undisclosed valid reports made on our trackers.

Even if one is not sure about what happened, the nice guys from the Incident Investigation Team will help you figure it out. If in doubt: report.

The things floating on the web and frequently washing up in our tracker are usually not valid, however. Ready for the fun? Here comes the first installment of “Exploits from the crypt”:

Read the rest of this entry »