The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

chkphpbbver, Another Script from NDCHost/cPlicensing

Discussion in 'cPanel Developers' started by shaun, Dec 27, 2004.

  1. shaun

    shaun Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    698
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Clemente, Ca
    After the havoc phpbb has caused we wrote a script that will find vulnerable versions of phpbb for 2.0.x Below is a link, please report bugs to bugs@ndchost.com

    use --help to see a list of features/options also!

    http://www.cplicensing.net/scripts.php#chkphpbbver

    We can preform script installation, cron setup, etc for a $10/Fee if needed.
     
  2. Dr. Bogger

    Dr. Bogger Well-Known Member

    Joined:
    Dec 21, 2003
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    Hello,

    I downloaded your script and i get the following error when i run it:

    Code:
    DBD::mysql::db do failed: You have an error in your SQL syntax.  
    Check the manual that corresponds to your MySQL server version for the 
    right syntax to use near 'grant' at line 1 at chkphpbbver line 62.  
    
    Whats wrong?

    This is the full output I get:

    Code:
    root@x4 [~/scripts]# perl chkphpbbver
    PHPBB Version Checker           For More Scripts GoTo: http://www.cPlicensing.net/
    Written By: Shaun.Reitan <> Network Data Center Host, Inc.
    
    This script will search all of your mysql databases for a vulnerable version of phpbb
    
    DBD::mysql::db do failed: You have an error in your SQL syntax.  Check the manual that corresponds to your MySQL server version for the right syntax to use near 'grant' at line 1 at chkphpbbver line 62.
    Searching...Complete, Found 12 Vulnerable Versions of PHPBB 2.0.x
    
    User: *hidden*, Version: .0.10, WebPath: /forums/
    User: *hidden*, Version: .0.10, WebPath: /rocket/
    User: *hidden*, Version: .0.8, WebPath: /forum/
    User: *hidden*, Version: .0.10, WebPath: /
    User: *hidden*, Version: .0.10, WebPath: /forum/
    User: *hidden*, Version: .0.10, WebPath: /forums/
    User: *hidden*, Version: .0.10, WebPath: /
    User: *hidden*, Version: .0.10, WebPath: /kmachine/
    User: *hidden*, Version: .0.10, WebPath: /forum/
    User: *hidden*, Version: .0.10, WebPath: /youthboard/
    User: *hidden*, Version: .0.9, WebPath: /forum/
    User: *hidden*, Version: .0.10, WebPath: /forum/
    root@x4 [~/scripts]#
    
     
  3. shaun

    shaun Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    698
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Clemente, Ca
    the "DBD::mysql::db do failed:" errors look to be a bug in the DBD::mysql module. It doesnt seam to handle databased with a _ on the end fo them. I have resolved the problem by modifying the sql statement and if you download the new version of the script again you should no long see errors.
     
  4. Earendil

    Earendil Well-Known Member

    Joined:
    Jun 10, 2004
    Messages:
    102
    Likes Received:
    0
    Trophy Points:
    16
    unfortunately this caught a vBulletin 3.0.1 forum too... weirdly enough.
     
  5. brentp

    brentp Well-Known Member

    Joined:
    Mar 11, 2004
    Messages:
    324
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ayr, North Queensland, Australia
    If you want a script that actually fixes the installs check out my script at http://cpscripts.info:30000/cpanel/patches/addon_antisanty.cgi .

    wget the file, move it to /usr/local/cpanel/whostmgr/docroot/cgi
    chmod +x it
    and then run it in whm. It has been thouroughly tested and it has not been known to break any phpbb boards and/or vbulletins. However, it may break the phpnuke forum module since it is actually a modded phpbb (hasnt been tested on that).

    Regards,
    Brent
     
  6. shaun

    shaun Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    698
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Clemente, Ca
    Are you sure that the user didnt have both a vbulletin forum and phpbb forum both using the same database? It is possible since both vbulletin and phpbb use a table prefix (ex: phpbb_ )

    Check that users db for a table ending with _config and then do a select * from table_name it might shed some light on why it was picked up in the scan.



    For all of you that use Brent123's script, my script will still show the phpbb version as being bad because his script is not upgrading phpbb it's just implementing a fix. I would highly recommending that users upgrade there forum, fixes are nice but you should always upgrade. Nice script Brent123
     

Share This Page