Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Thomas Seifert (thomasphorum.org)
Date: Sat May 18 2002 - 19:12:51 CDT
sorry no, this is not the same case.
The line you posted is inbetween a
file_exists only works on local filesystems.
This may only work on the local server, if a user has access to it.
On Sat, 18 May 2002 15:58:19 -0300
"Gabriel A. Maggiotti" <gmaggiotciudad.com.ar> wrote:
> Markus Arndt wrote:
> > Target:
> > Phorum 3.3.2a (prior versions?)
> > Description:
> > In Phorum 3.3.2a (a bulletin board) there's a security flaw that lets remote users
> > include external php scripts and execute arbitary code.
> Also admin.php is explotable ;)
> forum/plugin/replace/admin.php: include("$PHORUM[settings_dir]/replace.php");