Security problems with Phorum 3.1/higher
This bug allows remote attackers to expose files in the server where Phorum is stored, any files. It also "allow attackers to read the source of php files", as described in the original article. However, only Phorum versions 3.1 up to 3.2.9 are vulnerable. This of course, also leaves HITB's forum vulnerable, since it's using Phorum version 3.1.1a, ;-)
The bug is the result of several lines of faulty php coding in common.php. For the exact codes and explanation, go to the original article.
Example of an exploit:
http://www.hackinthebox.org/phorum/common.php?f=0&ForumLang=../../../../etc/passwd will expose /etc/passwd in HITB's server. ;-)
So, what are ya waiting for l33tdawg? Upgrade your Phorum now!
Thanks a lot for the information - now imagine... I would have been in real deep shit had this exploit been used for malicious intent on hackinthebox.org -- if only there were more white hats around, perhaps the world might be a better place.
- Sun, 2013-05-19 22:59
- Sun, 2013-05-19 22:53
- Wed, 2013-03-13 05:37