[25519] in bugtraq
Re: Phorum 3.3.2a remote command execution
daemon@ATHENA.MIT.EDU (Thomas Seifert)
Mon May 20 21:32:57 2002
Date: Sun, 19 May 2002 02:12:51 +0200
From: Thomas Seifert <thomas@phorum.org>
To: gmaggiot@ciudad.com.ar
Cc: bugtraq@securityfocus.com
Message-Id: <20020519021251.12547d69.thomas@phorum.org>
In-Reply-To: <3CE6A44B.207D31C4@ciudad.com.ar>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
sorry no, this is not the same case.
The line you posted is inbetween a
if(file_exists("$PHORUM[settings_dir]/replace.php")) {
...
file_exists only works on local filesystems.
This may only work on the local server, if a user has access to it.
Thomas
On Sat, 18 May 2002 15:58:19 -0300
"Gabriel A. Maggiotti" <gmaggiot@ciudad.com.ar> wrote:
> Markus Arndt wrote:
>
> > Target:
> > Phorum 3.3.2a (prior versions?)
> >
> > Description:
> > In Phorum 3.3.2a (a bulletin board) there's a security flaw that lets remote users
> > include external php scripts and execute arbitary code.
>
> Also admin.php is explotable ;)
>
> forum/plugin/replace/admin.php: include("$PHORUM[settings_dir]/replace.php");
>
