#1
Moo indeed.
Join Date: Dec 2002
Location: In a grassy field :D
Posts: 140
Hi there, I'm wondering if any of you has an insight into the recent vulnerability that was reported a few days ago.

http://www.kb.cert.org/vuls/id/497400

This is the information I found on it, as well as some info about it from other websites, but this isn't enough. I need to know how the hacker managed to exploit phpBB, because I am currently developing a web forum for a web site I'm doing. I've restricted input for usernames and passwords to ONLY be letters a-Z and numbers 0-9. Anything apart from these will return an error. Is this secure enough?

Also, does anyone know how I can prevent a user from submitting a main body of text that could be executed by PHP? Currently they could place PHP instructions into the body of text and it would be processed by the server (not good!). Any fancy coding which would maybe go on the 'outside' of the main body to prevent such execution? Filtering all the different combinations of injection could be almost impossible. Feed me knowledge! -KC

#2
Da House Nerd
Join Date: Dec 1969
Location: One CPU Lane
Posts: 3,512
To help you on your way: most web applications suffer from SQL injection attacks. If you're building a web app yourself, make sure you ALWAYS:

- escape your user input before using it in an SQL query
- initialise each variable you use if you have register_globals switched on
- html_special_chars($mytext) each text that comes from a user or database before actually outputting it to the browser.
__________________
Linux virusscanner detected a virus: Windows 95 ... delete [Y/n] y ~ ~ :wq
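The advice in the reply above, written out as an added PHP example that is not from the thread: a prepared statement (the current form of "escape your input before the query"), the letters-and-digits whitelist from the question, and htmlspecialchars on output. The table and column names, the length bound and the sample input are assumptions.

```php
<?php
// Added example, not code from the thread. Table/column names are assumed.
declare(strict_types=1);

function validUsername(string $name): bool {
    // Whitelist from the question: letters and digits only; the 3-32 length bound is assumed here.
    return preg_match('/\A[A-Za-z0-9]{3,32}\z/', $name) === 1;
}

function findUser(PDO $db, string $name): ?array {
    // Prepared statement: the value is bound as data, so quotes or
    // comment sequences in $name cannot change the query text.
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function renderBody(string $body): string {
    // Output encoding: <, >, &, " and ' become entities, so the browser
    // sees text, not markup. Echoing a string never runs PHP tags inside
    // it; only eval() or include() on user data would do that.
    return htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Demo with a constructed in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('alice')");

$input = $_GET['user'] ?? "alice' OR '1'='1";   // constructed hostile sample
if (!validUsername($input)) {
    echo "rejected\n";                          // whitelist stops it first
} else {
    var_dump(findUser($db, $input));            // prepared statement stops it second
}

// Constructed body text mixing a PHP tag and a script tag; both come out as harmless entities.
echo renderBody("<?php echo 'x'; ?><script>alert(1)</script>"), "\n";
```

Run with `php example.php` (needs the pdo_sqlite extension); on a real site, read the body from the database and pass it through renderBody() at output time rather than trying to filter it on input.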