TUCoPS :: Web BBS :: etc :: b06-3878.htm

Cross-Site Scripting and Local File Inclusion in Phorum
Cross-Site Scripting and Local File Inclusion in Phorum
Cross-Site Scripting and Local File Inclusion in Phorum


Some vulnerabilities have been discovered in Phorum, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and potentially compromise a vulnerable system. =0D
=0D
=0D
1) Input passed to the "template" parameter in pm.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources.=0D
=0D
Example:=0D
http://[host]/pm.php?1,page=1&template=[file]%00=0D 
=0D
=0D
=0D
Another unspecified parameter is reportedly also affected. =0D
=0D
=0D
Successful exploitation requires that "register_globals" is enabled and that "magic_quotes_gpc" is disabled.=0D
=0D
This can further be exploited to include arbitrary PHP code injected into Apache web logs.=0D
=0D
2) Input passed to the "mode" parameter in posting.php isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.=0D
=0D
The vulnerabilities have been confirmed in version 5.1.14. Prior versions may also be affected.=0D
=0D
=0D
=0D
 =0D
=0D
Solution:=0D
Update to version 5.1.15.=0D
http://www.phorum.org/downloads.php=0D 
=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH