Bugtraq mailing list archives

Re: Phorum 3.3.2a remote command execution


From: "Gabriel A. Maggiotti" <gmaggiot () ciudad com ar>
Date: Sat, 18 May 2002 15:58:19 -0300

Markus Arndt wrote:

Target:
Phorum 3.3.2a (prior versions?)

Description:
In Phorum 3.3.2a (a bulletin board) there's a security flaw that lets remote users
include external PHP scripts and execute arbitrary code.

Also admin.php is exploitable ;)

 forum/plugin/replace/admin.php:    include("$PHORUM[settings_dir]/replace.php");
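
An added example, not part of the original post and not Phorum code: a small Python audit helper that flags PHP include/require statements whose path is built from a variable, the pattern in the admin.php line quoted above. The function name is hypothetical and the sample source is constructed, apart from that one quoted line.

```python
import re

# include / require / include_once / require_once up to the ending semicolon.
# The lookbehind avoids matching variables or methods named "include".
INCLUDE_RE = re.compile(
    r"(?<![$\w])(include|require)(_once)?\b\s*\(?\s*(?P<arg>[^;]*?)\s*\)?\s*;",
    re.IGNORECASE,
)
# A PHP variable, optionally indexed: $dir, $PHORUM[settings_dir]
VAR_RE = re.compile(r"\$[A-Za-z_]\w*(?:\[[^\]]*\])*")


def find_dynamic_includes(php_source):
    """Return (line_no, statement, variables) for every include/require
    whose path expression contains at least one PHP variable."""
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        code = line.strip()
        if code.startswith(("//", "#", "/*", "*")):
            continue  # skip comment lines
        for m in INCLUDE_RE.finditer(code):
            variables = VAR_RE.findall(m.group("arg"))
            if variables:
                findings.append((line_no, m.group(0), variables))
    return findings


# Constructed sample; only line 3 is taken from the post above.
SAMPLE = '''<?php
// include("$old/file.php");
include("$PHORUM[settings_dir]/replace.php");
require_once "./config/forums.php";
include_once($plugin_dir . "/hooks.php");
?>'''

if __name__ == "__main__":
    for line_no, stmt, variables in find_dynamic_includes(SAMPLE):
        print(f"line {line_no}: {stmt}  <- path depends on {', '.join(variables)}")
```

A hit marks a statement to review: check where each listed variable is assigned and whether a request can influence it.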

