Phorum Vulnerabilities

[<webmaster () procheckup com>]

Phorum.org have acknowledged the flaws below and have released version 
3.4.3 which corrects them.

1) The Phorum download program (download.php) is vulnerable to directory
transversal attack and is able to read arbitrary files from anywhere within
the root directory - with permissions of the web service account.

2) The Phorum registration program (register.php) is vulnerable to three
flaws.

i) The Phorum registration program (register.php) fails to properly filter
a input variable - and is vulnerable to a cross site scripting attack.

ii) The Phorum registration program (register.php) can be used to perform
proxy attacks against other sites.

iii) If an existing user is chosen (say admin) the registration page is
redisplayed with the existing Phorum input variables, if cross site
scripting attacks are entered these are re-displayed.

3) The Phorum login program (login.php) is vulnerable to two flaws.

i) The Phorum login program fails to properly filter a input variable -
and is vulnerable to a cross site scripting attack.

ii) The Phorum login program can be used to perform proxy attacks against
other sites.
4) The Phorum Post program (post.php) is vulnerable to a cross site
scripting attack.

i) The Phorum post.php program fails to properly filter an input
variable  - and is vulnerable to a cross site scripting attack.

5) Multiple Phorum admin programs are vulnerable to remote command
injection attacks - by not filtering variables entered during the
registration process.

This flaw allows malicious remote users to modify the Phorum configuration
by injecting commands, as the Phorum interface is web driven.

i) The Phorum UserAdmin program is vulnerable to  command injection.

ii) The Phorum Edit user profile is also vulnerable to command injection.

iii) The Phorum stats program is also vulnerable to this attack.

6) Many Phorum programs inadvertently disclose the webroot when called
incorrectly.

smileys.php
quick_listrss.php
purge.php
news.php
memberlist.php
forum_listrss.php
forum_list_rdf.php
forum_list.php
move.php

7) The Phorum common program (common.php) is vulnerable to cross site
scripting

The phorum common.php program fails to properly filter a input variable  -
and is vulnerable to a cross site scripting attack.

**********************************************

Procheckup as requested by Phorum have not released full details of our
discovered vulnerabilities. We understand how important full exploit code
can be to pen testers - and will fully release this in 30 days thus giving 
Phorum administrators time to update.

**********************************************

ProCheckUp. Changing the future of penetration testing.

www.procheckup.com