Re: Phorum 3.3.2a remote command execution

From: Thomas Seifert (thomasat_private)
Date: Sat May 18 2002 - 17:12:51 PDT


    Sorry, no, this is not the same case.
    
    The line you posted is in between a
    if(file_exists("$PHORUM[settings_dir]/replace.php")) {
    ...
    
    file_exists only works on local filesystems.
    This may only work on the local server, if a user has access to it.
    
    Thomas
    
    On Sat, 18 May 2002 15:58:19 -0300
    "Gabriel A. Maggiotti" <gmaggiotat_private> wrote:
    
    > Markus Arndt wrote:
    > 
    > > Target:
    > > Phorum 3.3.2a (prior versions?)
    > >
    > > Description:
    > > In Phorum 3.3.2a (a bulletin board) there's a security flaw that lets remote users
    > > include external php scripts and execute arbitrary code.
    > 
    > Also admin.php is exploitable ;)
    > 
    >  forum/plugin/replace/admin.php:    include("$PHORUM[settings_dir]/replace.php");
    > 
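
The guarded include discussed in this thread, as an added example (not Phorum's code and not written by either poster): one way to constrain the included file to a fixed settings directory instead of relying on the `file_exists()` check alone. `resolve_settings_file()` and the demo directory names are hypothetical; only `replace.php` and the `settings_dir` idea come from the thread.

```php
<?php
// Added example, not Phorum code. resolve_settings_file() is a hypothetical helper.
// Returns the canonical path of $name if it lives inside $baseDir, else false.
function resolve_settings_file($baseDir, $settingsDir, $name)
{
    // A value containing "://" is a stream-wrapper URL, never a local directory.
    if (!is_string($settingsDir) || strpos($settingsDir, '://') !== false) {
        return false;
    }
    // realpath() collapses ".." and symlinks and returns false if nothing is there.
    $base = realpath($baseDir);
    $path = realpath($settingsDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)) {
        return false;
    }
    // Compare against the base WITH a trailing separator, so that a sibling
    // directory such as "<base>_outside" does not pass as being inside "<base>".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : false;
}

// Constructed demo layout in the system temp directory.
$base    = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'phorum_demo_' . getmypid();
$outside = $base . '_outside';
mkdir($base);
mkdir($outside);
file_put_contents("$base/replace.php", "<?php // settings\n");
file_put_contents("$outside/replace.php", "<?php // not the settings file\n");

// Constructed candidate values for the settings directory.
$candidates = array(
    $base,                              // the intended settings directory
    $outside,                           // an existing local file elsewhere
    "$base/../" . basename($outside),   // the same file reached through ".."
    'http://example.invalid/settings',  // URL-style value
);
foreach ($candidates as $dir) {
    $file = resolve_settings_file($base, $dir, 'replace.php');
    echo $dir, ' => ', ($file === false ? 'rejected' : "would include $file"), "\n";
}

// Remove the demo files again.
unlink("$base/replace.php");
unlink("$outside/replace.php");
rmdir($base);
rmdir($outside);
```

The second and third candidates point at a file that exists on the local filesystem, so a bare `file_exists()` guard would accept them; the containment check is what rejects them.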
    



    This archive was generated by hypermail 2b30 : Mon May 20 2002 - 18:30:44 PDT