Zone-H.org - FubarForum "page" Local File Inclusion Vulnerability

FubarForum "page" Local File Inclusion Vulnerability

Written by Marcelo Almeida (Vympel)

Tuesday, 24 June 2008

cOndemned has reported a vulnerability in FubarForum, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "page" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

The vulnerability is reported in version 1.5. Prior versions may also be affected... Solution:

Update to version 1.6.

Provided and/or discovered by:
cOndemned

Original Advisory:
FubarForum:
http://chaozz.nl/2008/06/fubarforum-16-released/

cOndemned:
http://milw0rm.com/exploits/5872

Orignal article:
http://secunia.com/advisories/30811/

Comments Index (Total Messages: 0)

Post Reply
Name:	Guest
Title:
Comment:
Enter this security word

Powered by a Zone-H(ified) version of AkoComment 3.0!

DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice.

< Prev		Next >

[ Back ]