Home page logo
/

bugtraq logo Bugtraq mailing list archives

PHP Phorum quick fix
From: Chris Kennedy <ckennedy () GROOVY ORG>
Date: Fri, 24 Nov 2000 18:10:34 -0600

The major problem in Phorum, if all else is secured with
the admin area off limits to anyone, seems to be the reading
of local server files.  In that last email on this in the
correspondance part you can see the following...
<snip>
Hi jason,

The fix that is provided in Phorum's site doesn't efficiently take care of
the security flaw.
There is still a way of exploiting it..
Try this:
http://phorum.org/support/common.php?f=0&ForumLang=../../../../../../../etc/
resolv.conf

Best regards,

Joao Gouveia aka Tharbad
</snip>

I have included a simple fix for the moment, just declaring the
ForumLang variable statically to your language (english in mine).
This is from an older version, but this is basically a work around
for those wanting to fix it quickly (probably will have to apply
it by hand).

--- common-20001124.php Fri Nov 24 17:36:03 2000
+++ common.php  Fri Nov 24 17:37:28 2000
@@ -319,6 +319,8 @@
   }

   if($ForumLang!=""){
+    //include ("./".$ForumLang);
+    $ForumLang = "lang/english.php";
     include ("./".$ForumLang);
   }
   else{

Thanks,
Chris K
--
Chris Kennedy / ckennedy () groovy org
              \|/ ____ \|/
              "@'/ .. \`@"
              /_| \__/ |_\
                 \__U_/
-Linux SPARC Kernel Oops


  By Date           By Thread  

Current thread:
  • PHP Phorum quick fix Chris Kennedy (Nov 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault