[VIM] WTF: Phorm v3.0 Remote File Upload Vulnerability
George A. Theall
theall at tenablesecurity.com
Tue Jul 31 00:26:43 UTC 2007
Another questionable advisory from ilker kandemir:
Phorm v3.0 Remote File Upload Vulnerability
lists as an exploit:
http://[site]/[phorm_path]/lib/fileupload.php
Only trouble is, version 3.0 is distributed with a .htaccess file in
lib/ that prevents direct access to files in that directory. And the
first line of code in the file reads:
if (isset($PHP_SELF) && !eregi("^phorm.php", basename($PHP_SELF)))
return;
While I realize there are ways around this check, the PoC as written in
the advisory won't do that.
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list