BH upgrade

From: Plößl (BOTLROKIT) 21 Jan 2008 03:24
To: ALL 1 of 45
hey flak, you gonna do it? I see there's a 0.8.2 out now... thinking about upgrading one of mine and see what happens.
From: ninety-ohm bedistor (CELERON) 21 Jan 2008 06:15
To: Plößl (BOTLROKIT) 2 of 45
Is search fixed in 0.8.2?
From: Plößl (BOTLROKIT) 21 Jan 2008 06:32
To: ninety-ohm bedistor (CELERON) 3 of 45
never was broked.
From: ironic 21 Jan 2008 06:51
To: Plößl (BOTLROKIT) 4 of 45

Jeebus, don't encourage him!

WTF are you thinking?!

From: Plößl (BOTLROKIT) 21 Jan 2008 07:10
To: ironic 5 of 45
UM, I MEAN, SORRY... THERE WAS NO UPGRADE. I ATE AN ADVIL LAST NIGHT AND IT FUCKED WITH MY VISION. IT WAS A HALLUCINATION, NOTHING MORE.

better?
From: ironic 21 Jan 2008 07:13
To: Plößl (BOTLROKIT) 6 of 45
Teh damage is done, rotlbokit. King Kong font be damned.
From: ninety-ohm bedistor (CELERON) 21 Jan 2008 09:15
To: Plößl (BOTLROKIT) 7 of 45
Search has been broken for a long time.
From: ninety-ohm bedistor (CELERON) 21 Jan 2008 09:22
To: ironic 8 of 45

The upgrade process has already been started, here's what to expect next-

1. flak sees this thread and upgrades, backing up the database first.

2. something goes wrong.

3. forum goes down for between 2 and 48 hours.

4. flak comes into chat saying "i don't know what happened, I had the database backed up, but the upgrade is failing"

5. flak eventually gets the forum back online, minus all posts from the last 6 months.

6. forum is more broken than when we started.

7. we blame flak.

8. everything goes back to normal.

9. search will still be broken.

From: ironic 21 Jan 2008 09:26
To: ninety-ohm bedistor (CELERON) 9 of 45

Exactly!

Fukn rokit...

From: ninety-ohm bedistor (CELERON) 21 Jan 2008 09:28
To: ironic 10 of 45
I for one look forward to the new and improved broken search functionality.
From: ironic 21 Jan 2008 09:29
To: ninety-ohm bedistor (CELERON) 11 of 45
Best.Feature.Evar.
From: ninety-ohm bedistor (CELERON) 21 Jan 2008 09:38
To: ironic 12 of 45


Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory

Advisory ID: SYMSA-2007-014
Advisory Title: SQL Injection Vulnerability in Beehive Forum Software
Author: Nick Bennett
Robert Brown / robert_brown@symantec.com
Release Date: 28-11-2007
Application: Beehive Forum 0.7.1 (earlier versions also vulnerable)
Platform: All supported
Severity: Remotely exploitable / Information Disclosure
Vendor status: Updated Application Versions Available
CVE Number: CVE-2007-6014
Reference: http://www.securityfocus.com/bid/26492


Overview:

Beehive Forum is an open source web based forum application
written in PHP. A vulnerability exists in the Beehive Forum
software that could allow a remote user to execute SQL injection
attacks. These attacks could compromise sensitive data including
usernames and passwords for the Beehive application. Arbitrary
data from other applications hosted on the same server could also
be compromised, depending on the configuration of MySQL.


Details:

This vulnerability exists because of a failure in the application
to properly sanitize user input for the variable "t_dedupe". This
variable is accepted as input in the page "post.php". The value of
this variable is then included in an SQL statement which is
executed with the PHP function "@mysql_query". This function is
specifically designed to mitigate the effects of an SQL injection
attack by not allowing multiple SQL statements in one call.
However, it is still possible to manipulate the SQL statement
through the "t_dedupe" variable to obtain arbitrary data from
the database.


Vendor Response:

There is a security vulnerability in Beehive Forum that could
allow for user logon and password MD5 hash disclosure.

This vulnerability has been fixed in the latest release of the
product, Beehive Forum 0.8. It is recommended all users immediately
obtain the newest version of Beehive Forum to protect against
this threat.

Project Beehive Forum is available for download from the project
website at http://www.beehiveforum.net/

If there are any further questions about this statement, please
contact a member of the development team.


Recommendation:

It is recommended all users immediately obtain the newest version of
Beehive Forum to protect against this threat. Project Beehive
Forum is available for download from the project website at
http://www.beehiveforum.net/.

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.


CVE-2007-6014


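An added illustration of the advisory's "Details" point, not part of the original post, the advisory, or Beehive's code: running only one statement per call stops stacked queries but not manipulation inside the statement, while parameter binding stops both. It uses Python's sqlite3 in place of PHP/MySQL; the table, column names and sample values are constructed.

```python
import sqlite3


def make_db():
    """Constructed schema; names are hypothetical, not Beehive's."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE post (tid INTEGER, dedupe TEXT);
        INSERT INTO post VALUES (1, '1200900000'), (2, '1200900500');
    """)
    return db


def find_duplicate_unsafe(db, t_dedupe):
    # Vulnerable pattern: the request value is pasted into the SQL text,
    # so quote characters in it become part of the statement.
    sql = "SELECT tid FROM post WHERE dedupe = '" + t_dedupe + "'"
    return [row[0] for row in db.execute(sql)]


def find_duplicate_safe(db, t_dedupe):
    # Hardened pattern: the value is bound as a parameter and is only
    # ever compared as data, whatever characters it contains.
    sql = "SELECT tid FROM post WHERE dedupe = ?"
    return [row[0] for row in db.execute(sql, (t_dedupe,))]


def stacked_statement_rejected(db):
    # Like mysql_query, sqlite3's execute() accepts one statement per call,
    # so a second statement smuggled in after ';' raises instead of running.
    try:
        find_duplicate_unsafe(db, "x'; DELETE FROM post; --")
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input that rewrites the WHERE clause
    print("unsafe, normal :", find_duplicate_unsafe(db, "1200900000"))
    print("unsafe, crafted:", find_duplicate_unsafe(db, crafted))
    print("safe,   crafted:", find_duplicate_safe(db, crafted))
    print("stacked blocked:", stacked_statement_rejected(db))
```
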
From: Plößl (BOTLROKIT) 21 Jan 2008 10:01
To: ninety-ohm bedistor (CELERON) 13 of 45
let me guess... if the shit gets broke either way, because I ran my mouth, is it my fault or Flak's?
From: ninety-ohm bedistor (CELERON) 21 Jan 2008 10:02
To: Plößl (BOTLROKIT) 14 of 45

Are you new here?!

It's traditional to blame flak, even when he didn't do anything.

From: ironic 21 Jan 2008 10:16
To: Plößl (BOTLROKIT) 15 of 45
Nice try.
From: ninety-ohm bedistor (CELERON) 21 Jan 2008 10:22
To: ironic 16 of 45

Oh come off it! We have always blamed flak, and always will, even if it's rokit's fault.

You know it's true.

From: ironic 21 Jan 2008 10:40
To: ninety-ohm bedistor (CELERON) 17 of 45
Ahahahaha!!!!
From: Beowulf 21 Jan 2008 11:55
To: ironic 18 of 45
quote:
Installation Incomplete
Your Beehive Forum is not installed correctly. Some required files could not be found. Please check that all the required files have been correctly uploaded. If in doubt please consult readme.txt.


That was before. Now the formatting of the pages looks like chango's hairy ASS.
From: Insert Smiley (CMERE) 21 Jan 2008 12:07
To: Beowulf 19 of 45
fukin flak n rokit.
From: _ (V1M) 21 Jan 2008 12:16
To: Insert Smiley (CMERE) 20 of 45
All those in favour of burning a cross on Botl's lawn say "aye".