|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.
brian
phorum.org
Date: Mon Jun 19 2006 - 17:20:51 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This is a bogus report. Please mark it as such or remove it. This so called exploit is nothing but an attemtpt to defame the name of Phorum.
1. common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum.
2. The varialbe $PHORUM["http_path"] is only used for redirects and echoing in emails. It is never used to include or open files.
3. Versions of Phorum before 5.0 did not use the variable at all.
THE MHG Security Team owes the Phorum Development Team a public apology.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]