CoolForum Source Disclosure Vulnerability
A vulnerability has been discovered in CoolForum v0.5 beta. It has been reported that by passing maliciously constructed requests to the 'avatar.php' script included with CoolForum, it is possible to access arbitrary PHP files. Requesting files with this method allows an attacker to bypass .htaccess list restrictions. Other sensitive files may also be disclosed. It has been reported that on web servers that do not implement restricted directories, such as chroot, an attacker can access arbitrary webserver-readable system files. By exploiting this issue to access sensitive files, an attacker may be able to obtain information required to launch further attacks against the target server.
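
One way to close this class of bug, shown as an added example and not CoolForum's code or a vendor fix: resolve the requested avatar to a file that is provably inside a dedicated avatar directory and is really an image, so neither PHP source nor other webserver-readable files can be returned. The directory, constants and function names are assumptions; the advisory does not describe how avatar.php takes its input.

```php
<?php
// Added example: hypothetical hardened avatar lookup, not CoolForum's code.
// AVATAR_DIR, ALLOWED_EXT and both function names are assumptions.
const AVATAR_DIR  = __DIR__ . '/avatars';   // assumed avatar storage directory
const ALLOWED_EXT = ['gif' => 'image/gif', 'png' => 'image/png',
                     'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg'];

// Map a client-supplied name to a file inside AVATAR_DIR, or null if unsafe.
function resolve_avatar(string $name): ?array
{
    // 1. Bare file name only: no path separators, NUL bytes or leading dots.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.([A-Za-z]{3,4})\z/', $name, $m)) {
        return null;
    }
    // 2. Extension allowlist, so script source (.php) is never eligible.
    $ext = strtolower($m[1]);
    if (!array_key_exists($ext, ALLOWED_EXT)) {
        return null;
    }
    // 3. Canonicalise and require the result to stay under AVATAR_DIR,
    //    which also rejects symlinks that point outside it.
    $base = realpath(AVATAR_DIR);
    $path = realpath(AVATAR_DIR . '/' . $name);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // 4. The content must really be an image of the claimed type.
    $info = @getimagesize($path);
    if ($info === false || $info['mime'] !== ALLOWED_EXT[$ext]) {
        return null;
    }
    return ['path' => $path, 'mime' => ALLOWED_EXT[$ext]];
}

// Send the avatar, or a uniform 404 that does not reveal why it was refused.
function serve_avatar(string $name): void
{
    $file = resolve_avatar($name);
    if ($file === null) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . $file['mime']);
    header('X-Content-Type-Options: nosniff');
    readfile($file['path']);
}
```

Because the check runs inside the script, it holds even where .htaccess restrictions or a chroot are absent, which are the two conditions the advisory calls out.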