user table dump

Is it possible that there is a security problem in Phorum 5.0 that someone can dump the user table out?

There is no known vulnerability of this type.

Brian - Cowboy Ninja Coder - Personal Blog - Twitter

Why do you ask? You got hacked?

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

who would still use phorum-5.0.x which is kinda ancient by now.

---

Thomas Seifert

Or someone inject php through Phorum 5.0?

What the heck are you targeting at?
You really expect to get some hacking recipe or so?
Or like I put it before: "Why do you ask? You got hacked?"

Since you seem to have started with Phorum 5.2 as your first Phorum and not with 5.0, this sounds a lot like you are trying to find a convenient way to hack into somebody else's board and rip their user database, possibly for trying to steal the other board's users. Maybe this is not the case, but you have been asking similar stuff in the past (how to find all hidden forums with a script) and with the very limited info that you provide and with targeting Phorum 5.0 , I get really really suspicious about your intentions.

To get rid of that suspicion, you really need to explain what you are targeting at, instead of doing some baitless fishing in here.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

Get hacked with another forum with 5.0. Someone injected a php file in. not sure whether it is from Phorum 5.0. Still have not figured out where it is from.

Don't want to disclose which site it is because it may happen again.



Edited 2 time(s). Last edit at 08/22/2008 04:37PM by SecretNinjaMan Maker.

We have seen injections that were never tracked down to Phorum. They were more likely done through other code on the server, directly in the MySQL database. These also appeared in many applications, not only Phorum, making it less likely to be a Phorum specific hack.

Like Brian said: "There is no known vulnerability of this type." That still stands.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

What kind of code defficiency may cause php injection? I am not a good coder, any ideas you may share?

If you don't want to discuss this in public, please PM me.

Thanks!

I don't want to discuss this in public, nor in private.
The main problem would be bad coding.

Go search the net. There are many resources on web application programming and security. Some standard topics: XSS (cross site scripting), SQL injections, poisoned null byte, remote inclusion, register_globals, etc. etc.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

what functions should I use to prevent attacks from user input? Or should I ask what 5.2 is using to do that?

Mysql_real_escape_string()
Htmlspecialchars()
add_slashes()

That depends on what you are using the data for. I cannot choose one from your three proposed functions, since they target different fields of protection and they all have their needs. There is no magic function that you can call to protect your code. You need to understand what is going on and write your code based on that.

Phorum 5.2 uses mysql_real_escape_string() and mysqli_real_escape_string() to build valid SQL queries that do not suffer from SQL injections. It also uses htmlspecialchars() and htmlentities() to protect against XSS vulnerabilities. It also uses various other techniques like protecting against remove inclusions by validation of variables that can be provided by users in URLs for example.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

thanks!