Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

PHP Phorum quick fix

From: Chris Kennedy <ckennedy () GROOVY ORG>
Date: Fri, 24 Nov 2000 18:10:34 -0600
The major problem in Phorum, if all else is secured with
the admin area off limits to anyone, seems to be the reading
of local server files.  In that last email on this in the
correspondance part you can see the following...
<snip>
Hi jason,

The fix that is provided in Phorum's site doesn't efficiently take care of
the security flaw.
There is still a way of exploiting it..
Try this:
http://phorum.org/support/common.php?f=0&ForumLang=../../../../../../../etc/
resolv.conf

Best regards,

Joao Gouveia aka Tharbad
</snip>

I have included a simple fix for the moment, just declaring the
ForumLang variable statically to your language (english in mine).
This is from an older version, but this is basically a work around
for those wanting to fix it quickly (probably will have to apply
it by hand).

--- common-20001124.php Fri Nov 24 17:36:03 2000
+++ common.php  Fri Nov 24 17:37:28 2000
@@ -319,6 +319,8 @@
   }

   if($ForumLang!=""){
+    //include ("./".$ForumLang);
+    $ForumLang = "lang/english.php";
     include ("./".$ForumLang);
   }
   else{

Thanks,
Chris K
--
Chris Kennedy / ckennedy () groovy org
              \|/ ____ \|/
              "@'/ .. \`@"
              /_| \__/ |_\
                 \__U_/
-Linux SPARC Kernel Oops
Previous By Date Next
Previous By Thread Next

Current thread: