
Bugtraq mailing list archives
Re: Phorum 3.3.2a remote command execution
From: "Gabriel A. Maggiotti" <gmaggiot () ciudad com ar>
Date: Sat, 18 May 2002 15:58:19 -0300
Markus Arndt wrote:
Target: Phorum 3.3.2a (prior versions?)
Description: In Phorum 3.3.2a (a bulletin board) there's a security flaw that lets remote users include external php scripts and execute arbitrary code.
Also admin.php is exploitable ;)
forum/plugin/replace/admin.php: include("$PHORUM[settings_dir]/replace.php");

Current thread:
- Phorum 3.3.2a remote command execution, Markus Arndt (May 17)
- Re: Phorum 3.3.2a remote command execution, Gabriel A. Maggiotti (May 18)
- Re: Phorum 3.3.2a remote command execution, Thomas Seifert (May 20)
- Re: Phorum 3.3.2a remote command execution, Gabriel A. Maggiotti (May 18)
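
The include quoted in the message above takes its directory from $PHORUM[settings_dir]; when request data can set that variable, the request decides which file is included. The following is an added example, not part of the thread or of Phorum's own code, showing the same include with the directory pinned to a constant and the resolved path checked before use; PHORUM_SETTINGS_DIR and phorum_settings_path() are hypothetical names, and the location of the settings directory is an assumption.

```php
<?php
// Added example. PHORUM_SETTINGS_DIR and phorum_settings_path() are
// hypothetical names; the directory location below is an assumption.

// Before (pattern quoted in the post): the directory comes from a variable.
//   include("$PHORUM[settings_dir]/replace.php");

// After: the directory is a constant set in code, so neither request data
// nor register_globals-style variable injection can change it.
define('PHORUM_SETTINGS_DIR', __DIR__ . '/settings');

/**
 * Return the absolute path of $file inside the settings directory,
 * or null when the name or the resolved location is not acceptable.
 */
function phorum_settings_path(string $file): ?string
{
    // Bare file name only: no separators, no scheme, no "..".
    if (!preg_match('/\A[A-Za-z0-9_-]+\.php\z/', $file)) {
        return null;
    }
    $base = realpath(PHORUM_SETTINGS_DIR);
    if ($base === false) {
        return null; // settings directory is missing
    }
    // realpath() resolves symlinks and returns false for missing files.
    $path = realpath($base . DIRECTORY_SEPARATOR . $file);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // The resolved file must still live under the settings directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$path = phorum_settings_path('replace.php');
if ($path === null) {
    http_response_code(500);
    exit('Configuration file not available.');
}
// Included at file scope so the settings file sees the same variables as before.
include $path;
```

On the server side, `allow_url_include = Off` (PHP 5.2 and later) stops include from fetching remote URLs, and register_globals no longer exists as of PHP 5.4.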
