[VIM] WTF: Phorm v3.0 Remote File Upload Vulnerability

George A. Theall theall at tenablesecurity.com
Tue Jul 31 00:26:43 UTC 2007

Another questionable advisory from ilker kandemir:

   Phorm v3.0 Remote File Upload Vulnerability

lists as an exploit:


Only trouble is, version 3.0 is distributed with a .htaccess file in 
lib/ that prevents direct access to files in that directory. And the 
first line of code in the file reads:

     if (isset($PHP_SELF) && !eregi("^phorm.php", basename($PHP_SELF))) 

While I realize there are ways around this check, the PoC as written in 
the advisory won't do that.

theall at tenablesecurity.com
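
An added example, not part of the original message or of Phorm's code: a Python check a triager could run over an unpacked copy of the distribution to confirm the two mitigations the message describes, a denying .htaccess in lib/ and the quoted guard as the first code line of each PHP file there. The deny directives it looks for, the helper names and the sample tree are assumptions constructed for illustration; it reports only whether the guard is present, not how robust it is.

```python
import os
import re
import tempfile

# Guard quoted in the message, matched loosely on whitespace.
GUARD_RE = re.compile(r'if\s*\(\s*isset\(\$PHP_SELF\)\s*&&\s*!eregi\(\s*"\^phorm\.php"')
# Assumption: the .htaccess denies access with one of these Apache directives.
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\b", re.I | re.M)

def first_code_line(path):
    """First line that is not blank, a PHP open tag, or a comment."""
    in_block = False
    with open(path, encoding="latin-1") as fh:
        for line in map(str.strip, fh):
            if in_block or line.startswith("/*"):
                in_block = "*/" not in line
            elif line and line not in ("<?php", "<?") and not line.startswith(("//", "#")):
                return line
    return ""

def audit_lib(lib_dir):
    """Report whether lib/ has a denying .htaccess and which PHP files lack the guard."""
    ht = os.path.join(lib_dir, ".htaccess")
    denied = False
    if os.path.isfile(ht):
        with open(ht, encoding="latin-1") as fh:
            denied = bool(DENY_RE.search(fh.read()))
    unguarded = sorted(
        name for name in os.listdir(lib_dir)
        if name.endswith(".php")
        and not GUARD_RE.search(first_code_line(os.path.join(lib_dir, name))))
    return {"htaccess_denies": denied, "unguarded": unguarded}

def build_sample_tree():
    """Constructed sample tree, not the real Phorm distribution."""
    lib = os.path.join(tempfile.mkdtemp(), "lib")
    os.makedirs(lib)
    guard = 'if (isset($PHP_SELF) && !eregi("^phorm.php", basename($PHP_SELF)))'
    samples = {".htaccess": "deny from all\n",
               "guarded.php": "<?php\n/* header */\n" + guard + "\n  exit;\n",
               "bare.php": "<?php\n$x = 1;\n"}
    for name, body in samples.items():
        with open(os.path.join(lib, name), "w") as fh:
            fh.write(body)
    return lib

if __name__ == "__main__":
    print(audit_lib(build_sample_tree()))
```

Point `audit_lib` at the real `lib/` directory of the version named in an advisory to see whether the claimed entry point is shipped behind either mitigation before rating the report.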
