|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: PHP Phorum quick fix
From: Chris Kennedy (ckennedy
GROOVY.ORG)Date: Fri Nov 24 2000 - 18:10:34 CST
- Next message: Chris Sharp: "BSDi 3.0/4.0 rcvtty gid=tty exploit... (mh package)"
- Previous message: hellnbakHUSHMAIL.COM: "Submission"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
The major problem in Phorum, if all else is secured with
the admin area off limits to anyone, seems to be the reading
of local server files. In that last email on this in the
correspondance part you can see the following...
<snip>
Hi jason,
The fix that is provided in Phorum's site doesn't efficiently take care of
the security flaw.
There is still a way of exploiting it..
Try this:
http://phorum.org/support/common.php?f=0&ForumLang=../../../../../../../etc/
resolv.conf
Best regards,
Joao Gouveia aka Tharbad
</snip>
I have included a simple fix for the moment, just declaring the
ForumLang variable statically to your language (english in mine).
This is from an older version, but this is basically a work around
for those wanting to fix it quickly (probably will have to apply
it by hand).
--- common-20001124.php Fri Nov 24 17:36:03 2000
+++ common.php Fri Nov 24 17:37:28 2000
-319,6 +319,8
}
if($ForumLang!=""){
+ //include ("./".$ForumLang);
+ $ForumLang = "lang/english.php";
include ("./".$ForumLang);
}
else{
Thanks,
Chris K
-- Chris Kennedy / ckennedy
- Next message: Chris Sharp: "BSDi 3.0/4.0 rcvtty gid=tty exploit... (mh package)"
- Previous message: hellnbakHUSHMAIL.COM: "Submission"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]