what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New


Posted Jul 21, 2005
Site phpbb.com

phpBB 2.0.17 has been released to fix some cross site scripting flaws in earlier versions.

tags | advisory, xss
SHA-256 | 3c919db6e03305ded631e8a8dfac067a5f66b3db8521b773e6f8fa08b4541346


Change Mirror Download
---------------------------- Original Message ----------------------------
Subject: phpBB 2.0.17 released
From: "phpBB list" <noreply@phpbb.com>
Date: Wed, July 20, 2005 12:08 am
To: security@verloren-im.net

Hi everyone,

phpBB Group announces the release of phpBB 2.0.17, the "no, we did not
forget naming it last time" release. This release addresses several
bugfixes and some low security issues as well as the recently seemingly
wide-spread XSS issue (only affecting Internet Explorer).

Please have a look down this announcement for the code changes necessary
to fix the XSS issue, we are again astounded about the energy people put
into finding the smallest issue in phpBB 2.0.x, those must have a lot of
time available. But on the other hand it is always increasing the products
security since we do not introduce new features into the 2.0.x codebase.

With this announcement I want to give you some more information regarding
phpBB's security. psoTFX (Paul S. Owen, Project Manager) initiated and
brought forward the idea and concept of a complete security audit of the
2.0.x codebase. We introduced some top-notch security people,
phpBB-Modders and very talented people from our teams to participate in
this audit. We intend to implement the changes necessary - and also fixing
the found issues, hopefully giving the now very aged codebase (it is still
on a technical level from three years ago) a lift and bringing it
up-to-date with security mechanisms and techniques which are common

We also intend to open our private bugtracker system to the public for
reporting 2.0.x bugs within the next days.

As with all new releases we urge you to update as soon as possible. You
can of course find this download available on our downloads page at
As per usual three packages are available to simplify your update.

The Full Package contains entire phpBB2 source and English language package.
The Changed Files Only contains only those files changed from previous
versions of phpBB. Please note this archive contains changed files for
each previous release.
Patch Files contains patch compatible patches from the previous versions
of phpBB.

As always, our Code Changes Tutorial is available too for those with
heavily modded boards.
It can be downloaded from http://www.phpbb.com/phpBB/viewtopic.php?t=308426

Select whichever package is most suitable for you.

Please ensure you read the INSTALL and README documents in docs/ before
proceeding with installation or updates!.

The changelog (contained within this release) is as follows:

- Added extra checks to the deletion code in privmsg.php - reported by
- Fixed XSS issue in IE using the url BBCode
- Fixed admin activation so that you must have administrator rights to
activate accounts in this mode - reported by ieure
- Fixed get_username returning wrong row for usernames beginning with
numerics - reported by Ptirhiik
- Pass username through phpbb_clean_username within validate_username
function - AnthraX101
- Fixed PHP error in message_die function
- Fixed incorrect generation of {postrow.SEARCH_IMG} tag in viewtopic.php
- reported by Double_J
- Also fixed above issue in usercp_viewprofile.php
- Fixed incorrect setting of user_level on pending members if a group is
granted moderator rights - reported by halochat
- Fixed ordering of forums on admin_ug_auth.php to be consistant with
other pages
- Correctly set username on posts when deleting a user from the admin panel

Please read the official announcement for the code changes necessary to
fix the XSS issue:

the phpBB Group

To unsubscribe from this list visit

Powered by PHPlist, www.phplist.com --

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By