Monday, February 2, 2009

phpBB.com 0wn3d!!!

Message from phpBB.com :
====================================================

Maintenance

We are sorry to report that we have been attacked through a vulnerability in an outdated PHPList installation. phpBB.com and related sites will remain unavailable while we work to recover. No vulnerabilities have been found in the phpBB software itself.

You can download phpBB here: http://www.ohloh.net/p/phpbb

You can get support at the temporary support forums or on IRC: chat.freenode.net #phpbb

– the phpBB team

====================================================


www.phpbb.com Has Been Hacked with a public exploit published on http://www.milw0rm.com/exploits/7778 exploit type is "Local File inclusion" in phpBB hack "phpList".

The strage thing is, how a basic attack like this succeed to attempt?
phpBB.com they dont even use any basic IPS to block web attacks!!!
If phpBB.com want i can provide them with a phpBB IPS hack to block the attack ;)

Full story on: http://hackedphpbb.blogspot.com/

Respect,
Dr.Death