phpBB hacking through fake cookie

Boeman · Cadet Joined: Jun 02, 2004 Posts: 2 Location: USA

Hi,

My phpbb forum was hacked recently by the use of a fake cookie.
I never heard of that method of hacking untill then.
I have been told you first need to fetch the md5 hash of the pass from an admin user. And with that hash you can build a fake cookie?

Now that's a really cool thing to do, but i don't want that to happen on my phpBB forum Sad

So my question is: is this still possible with phpBB 2.0.8, if so where the hell do they fetch the md5 hash? And how can i prevent people from doing it?

Thx for all those who can give me some answers,
Boeman

Techie-Micheal · Cadet Joined: May 27, 2004 Posts: 6 Location: USA

If you haven't already, please post in the phpBB.com Support Forum (www.phpbb.com/viewtopic.php?f=1). Our Support Team is well-equipped to assist you with this.

Techie-Micheal
phpBB Support Team Member

Boeman · Cadet Joined: Jun 02, 2004 Posts: 2 Location: USA

Ok thx for the tip, I've posted this in the phpBB Support forum as well:

http://www.phpbb.com/phpBB/viewtopic.php?p=1104538#1104538

Boeman

Techie-Micheal · Cadet Joined: May 27, 2004 Posts: 6 Location: USA

Thanks.

Sorry about the replies, they got to it before I could.


	Home ˇ Topics ˇ Submit News ˇ Top 10 This entire site, Cops Themes, and Computer Cops are Š 2002 - 2004 Computer Cops, LLC. All rights reserved. You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0. Acceptable Use Policy. Use signifies your agreement. Engine Copyright Š 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member. Paul Laudanski, Member of Computer Cops, LLC Server Load: 755 pages served in previous 5 minutes. Page Rendered: 0.356 seconds.