Bugtraq mailing list archives
PHP Phorum quick fix
From: Chris Kennedy <ckennedy () GROOVY ORG>
Date: Fri, 24 Nov 2000 18:10:34 -0600
The major problem in Phorum, if all else is secured with the admin area off limits to anyone, seems to be the reading of local server files. In that last email on this in the correspondance part you can see the following... <snip> Hi jason, The fix that is provided in Phorum's site doesn't efficiently take care of the security flaw. There is still a way of exploiting it.. Try this: http://phorum.org/support/common.php?f=0&ForumLang=../../../../../../../etc/ resolv.conf Best regards, Joao Gouveia aka Tharbad </snip> I have included a simple fix for the moment, just declaring the ForumLang variable statically to your language (english in mine). This is from an older version, but this is basically a work around for those wanting to fix it quickly (probably will have to apply it by hand). --- common-20001124.php Fri Nov 24 17:36:03 2000 +++ common.php Fri Nov 24 17:37:28 2000 @@ -319,6 +319,8 @@ } if($ForumLang!=""){ + //include ("./".$ForumLang); + $ForumLang = "lang/english.php"; include ("./".$ForumLang); } else{ Thanks, Chris K -- Chris Kennedy / ckennedy () groovy org \|/ ____ \|/ "@'/ .. \`@" /_| \__/ |_\ \__U_/ -Linux SPARC Kernel Oops
Current thread:
- PHP Phorum quick fix Chris Kennedy (Nov 28)