Archive for the security Category

I love phpBB, but love’s got bugs :)

Posted in experiments, security on June 8, 2008 by Anirudh Sharma

phpBB is one of the most commonly used bulletin board CMSs around. With a large community and support, they've built a very scalable and nice installation that can get a board running in 10 minutes (you should have done the homework, though).

Though even the securest servers are cracked, and SVNs are poisoned with injections. I happened to find an overflow that can send a phpBB board into a tizzy.

We take a lot for granted. A post coming from “xyz” id is meant to be posted by the maker of that id. Imagine if someone takes on another preexisting identity and starts posting. The Board will lose all integrity and faith that its users have. It will become a complete havoc, a mayhem.

Recently, I was surfing my board as a guest user and I happened to discover a nice cross-site bug. On trying it several times, I discovered it was working for my board. Just then I popped in another popular Delhi college's forum URL and, alas, it worked there too.

I am writing a full disclosure report on that :)

Till I am in Delhi,

Anirudh

the namesake

Posted in experiments, plans, security on June 8, 2008 by Anirudh Sharma

It's my last day today here in Rajasthan before holidays. I have a vivid set of tasks to be completed.

1. Go to IISc Bangalore and wrap up the incomplete work at the Intel IRIS antispam project. Hoping to create something like Akismet, which is guarding the blog right now.

2. Multitouch is something that excites me. The iPhone was good, but the 3-touch limit leaves a lot to crave. Grabbing a Philips SP900n camera will solve the problem. My 6-year-old cousin can then make the MT shoebox table for me :) Damn, it's so easy.

3. Nmap and OSSIM brush-up for Google SoC.

4. A lot of beer with Bhasma and Physicsmonk in Delhi :)

Bon voyage me!

“zwanderer”

aka Anirudh Sharma