Re: Phorum 3.3.2a remote command execution

From: Gabriel A. Maggiotti (gmaggiotat_private)
Date: Sat May 18 2002 - 11:58:19 PDT

Next message: Jakub Filonik: "ps under FreeBSD"

Previous message: kikaijuat_private: "Re: Xerox DocuTech problems"
In reply to: Markus Arndt: "Phorum 3.3.2a remote command execution"
Next in thread: Thomas Seifert: "Re: Phorum 3.3.2a remote command execution"
Reply: Thomas Seifert: "Re: Phorum 3.3.2a remote command execution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Markus Arndt wrote:

> Target:
> Phorum 3.3.2a (prior versions?)
>
> Description:
> In Phorum 3.3.2a (a bulletin board) there's a security flaw that lets remote users
> include external php scripts and execute arbitary code.

Also admin.php is explotable ;)

 forum/plugin/replace/admin.php:    include("$PHORUM[settings_dir]/replace.php");

Next message: Jakub Filonik: "ps under FreeBSD"
Previous message: kikaijuat_private: "Re: Xerox DocuTech problems"
In reply to: Markus Arndt: "Phorum 3.3.2a remote command execution"
Next in thread: Thomas Seifert: "Re: Phorum 3.3.2a remote command execution"
Reply: Thomas Seifert: "Re: Phorum 3.3.2a remote command execution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat May 18 2002 - 12:29:28 PDT