Security problems with Phorum 3.1/higher

Latest exploit in Phorum, saw it over in an article at NewOrder, originally written and founded by João Gouveia and Brian Moon. Original article: here.

This bug allows remote attackers to expose files on the server where Phorum is stored, any files. It also "allow attackers to read the source of php files", as described in the original article. However, only Phorum versions 3.1 up to 3.2.9 are vulnerable. This, of course, also leaves HITB's forum vulnerable, since it's using Phorum version 3.1.1a. ;-)

The bug is the result of several lines of faulty PHP coding in common.php. For the exact code and explanation, go to the original article.

Example of an exploit:
http://www.hackinthebox.org/phorum/common.php?f=0&ForumLang=../../../../etc/passwd will expose /etc/passwd in HITB's server. ;-)

So, what are ya waiting for l33tdawg? Upgrade your Phorum now!
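The post above describes the root cause (an untrusted `ForumLang` query parameter joined onto a directory and included) without showing code, and the original article is not reproduced here. The following added example is my own illustration, not Phorum's source and not from the original post: it shows where the naive join actually resolves for the request quoted above, a hardened allowlist-plus-canonicalisation check a maintainer would use instead, and a small scanner that flags traversal attempts in web server log lines. The language directory `/var/www/phorum/lang`, the `.php` file naming, the allowed language codes and all log lines are constructed for the example.

```python
import os
import re
from urllib.parse import urlsplit, unquote

# Hypothetical layout for the example: language files live under LANG_DIR,
# one per language code, named <code>.php. Not Phorum's real layout.
LANG_DIR = "/var/www/phorum/lang"
ALLOWED_LANGS = frozenset({"english", "portuguese", "german"})


def naive_lang_path(forum_lang: str) -> str:
    """The risky pattern: append an untrusted parameter to a directory and include
    whatever that names. normpath shows where the include would actually land."""
    return os.path.normpath(os.path.join(LANG_DIR, forum_lang))


def safe_lang_path(forum_lang: str):
    """Hardened version: accept only a short lowercase token that is on the
    allowlist, build the path ourselves, then confirm the canonical result is
    still inside LANG_DIR. Returns None when the request must be rejected."""
    if not re.fullmatch(r"[a-z]{2,16}", forum_lang):
        return None
    if forum_lang not in ALLOWED_LANGS:
        return None
    candidate = os.path.normpath(os.path.join(LANG_DIR, forum_lang + ".php"))
    # Defence in depth: even with an allowlist, never include outside LANG_DIR.
    if os.path.commonpath([LANG_DIR, candidate]) != LANG_DIR:
        return None
    return candidate


# Traversal sequences, raw and single URL-encoded (case-insensitive).
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|%2e%2e%2f|%2e%2e/|\.\.%2f)", re.IGNORECASE)

# Apache combined log format: ip ident user [time] "METHOD target HTTP/x" ...
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')


def flag_traversal_requests(log_lines):
    """Return (client_ip, decoded_target) for every request whose query string
    carries a directory traversal sequence, checking both the raw and the
    URL-decoded form so %2e%2e%2f is not missed."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target = m.group(1), m.group(2)
        query = urlsplit(target).query
        if TRAVERSAL_RE.search(query) or TRAVERSAL_RE.search(unquote(query)):
            hits.append((ip, unquote(target)))
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses, made-up times).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Nov/2001:12:00:01 +0000] "GET /phorum/common.php?f=0&ForumLang=../../../../etc/passwd HTTP/1.0" 200 1423 "-" "Mozilla/4.0"',
    '198.51.100.4 - - [10/Nov/2001:12:00:05 +0000] "GET /phorum/list.php?f=1&ForumLang=english HTTP/1.0" 200 9813 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [10/Nov/2001:12:00:09 +0000] "GET /phorum/common.php?f=0&ForumLang=%2e%2e%2f%2e%2e%2fcommon.php HTTP/1.0" 200 611 "-" "curl/7.9"',
    '192.0.2.9 - - [10/Nov/2001:12:01:00 +0000] "GET /index.php HTTP/1.0" 200 5120 "-" "Mozilla/4.0"',
]


if __name__ == "__main__":
    print("naive resolves to:", naive_lang_path("../../../../etc/passwd"))
    print("hardened rejects:", safe_lang_path("../../../../etc/passwd"))
    print("hardened accepts:", safe_lang_path("english"))
    for ip, target in flag_traversal_requests(SAMPLE_LOG):
        print("traversal attempt from", ip, "->", target)
```

The allowlist check is what actually closes the hole; the `commonpath` test after it is there so that a later change to the allowlist (say, adding a code that contains a slash) cannot silently reopen it. The log scanner matches on the query string only, which keeps it cheap enough to run over a full day of access logs.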



Thanks a lot for the information - now imagine... I would have been in real deep shit had this exploit been used for malicious intent on hackinthebox.org -- if only there were more white hats around, perhaps the world might be a better place.


5 comments for 'Security problems with Phorum 3.1/higher'

BTW - The Phorum is up (for viewing that is) but I haven't made all the upgrade changes as yet, so you won't be able to post anything until I've finished the upgrade.

Considering the fact that the Forum section is perhaps the LEAST used feature on the site, I'm actually considering removing it altogether. I mean, if no one is using it, it's kind of pointless having it running in the first place. Anybody have anything to say about this?

Yeah, there is a forum, but I'm guessing from the lack of posts within it, either a.) Nobody knows about it or b.) Nobody can be bothered to use it.



What's your suggestion then? Should I bother fixing it completely (the bug has been patched), or should I just remove it?


Okay - I've decided to remove the forum altogether. It wasn't very well used, and I think it was pretty much a waste of resources. I might add it back in perhaps some time next year - we'll see. If I get an overwhelming response to put it back up *something I doubt very highly* then I'll put it back. The database is still active; I've just removed the code.