Bugtraq
mailing list archives
Re: Phorum 3.3.2a remote command execution
From: Thomas Seifert <thomas () phorum org>
Date: Sun, 19 May 2002 02:12:51 +0200
Sorry, no, this is not the same case.
The line you posted is in between a
if(file_exists("$PHORUM[settings_dir]/replace.php")) {
...
file_exists only works on local filesystems.
This may only work on the local server, if a user has access to it.
Thomas
On Sat, 18 May 2002 15:58:19 -0300
"Gabriel A. Maggiotti" <gmaggiot () ciudad com ar> wrote:
Markus Arndt wrote:
Target:
Phorum 3.3.2a (prior versions?)
Description:
In Phorum 3.3.2a (a bulletin board) there's a security flaw that lets remote users
include external php scripts and execute arbitrary code.
Also admin.php is exploitable ;)
forum/plugin/replace/admin.php: include("$PHORUM[settings_dir]/replace.php");
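
A stricter guard than file_exists() for the include discussed in this thread, as an added example that is not part of the original messages and not Phorum's own code: the path is built from a server-side constant, canonicalised, and checked for containment before it is included. PHORUM_BASE_DIR and resolve_settings_file() are hypothetical names, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not Phorum code. The settings directory comes from a
// server-side constant, and the resolved file must stay inside it.

// Assumption: hypothetical install layout; set in code, never from request input.
define('PHORUM_BASE_DIR', __DIR__ . '/settings');

/**
 * Return the canonical path of $file inside the trusted base directory,
 * or null when it is missing, not a regular file, or escapes the base.
 */
function resolve_settings_file(string $baseDir, string $file): ?string
{
    // Reject stream-wrapper style names (scheme://...) and NUL bytes outright.
    if (strpos($file, '://') !== false || strpos($file, "\0") !== false) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory does not exist
    }

    // realpath() resolves symlinks and ".." segments and returns false
    // when the target does not exist on the local filesystem.
    $path = realpath($base . DIRECTORY_SEPARATOR . $file);
    if ($path === false || !is_file($path)) {
        return null;
    }

    // Containment check: the canonical path must begin with "<base>/".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $path;
}

// Usage at the include site: the file name is a literal, not a variable
// that a request could influence.
$settingsFile = resolve_settings_file(PHORUM_BASE_DIR, 'replace.php');
if ($settingsFile !== null) {
    include $settingsFile;
}
```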