TUCoPS :: Web BBS :: etc :: bt172.txt

Phorum Vulnerabilities




Phorum.org have acknowledged the flaws below and have released version 

3.4.3 which corrects them.



1) The Phorum download program (download.php) is vulnerable to directory

transversal attack and is able to read arbitrary files from anywhere within

the root directory - with permissions of the web service account.



2) The Phorum registration program (register.php) is vulnerable to three

flaws.



i) The Phorum registration program (register.php) fails to properly filter

a input variable - and is vulnerable to a cross site scripting attack.



ii) The Phorum registration program (register.php) can be used to perform

proxy attacks against other sites.



iii) If an existing user is chosen (say admin) the registration page is

redisplayed with the existing Phorum input variables, if cross site

scripting attacks are entered these are re-displayed.



3) The Phorum login program (login.php) is vulnerable to two flaws.



i) The Phorum login program fails to properly filter a input variable -

and is vulnerable to a cross site scripting attack.



ii) The Phorum login program can be used to perform proxy attacks against

other sites.

4) The Phorum Post program (post.php) is vulnerable to a cross site

scripting attack.



i) The Phorum post.php program fails to properly filter an input

variable  - and is vulnerable to a cross site scripting attack.



5) Multiple Phorum admin programs are vulnerable to remote command

injection attacks - by not filtering variables entered during the

registration process.



This flaw allows malicious remote users to modify the Phorum configuration

by injecting commands, as the Phorum interface is web driven.



i) The Phorum UserAdmin program is vulnerable to  command injection.



ii) The Phorum Edit user profile is also vulnerable to command injection.



iii) The Phorum stats program is also vulnerable to this attack.



6) Many Phorum programs inadvertently disclose the webroot when called

incorrectly.



smileys.php

quick_listrss.php

purge.php

news.php

memberlist.php

forum_listrss.php

forum_list_rdf.php

forum_list.php

move.php



7) The Phorum common program (common.php) is vulnerable to cross site

scripting



The phorum common.php program fails to properly filter a input variable  -

and is vulnerable to a cross site scripting attack.



**********************************************



Procheckup as requested by Phorum have not released full details of our

discovered vulnerabilities. We understand how important full exploit code

can be to pen testers - and will fully release this in 30 days thus giving 

Phorum administrators time to update.



**********************************************



ProCheckUp. Changing the future of penetration testing.



www.procheckup.com




TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH