PHP is a powerful server-side scripting language for creating dynamic and interactive websites.
PHP is the widely-used, free, and efficient alternative to competitors such as Microsoft's ASP. PHP is perfectly suited for Web development and can be embedded directly into the HTML code.
The PHP syntax is very similar to Perl and C. PHP is often used together with Apache (web server) on various operating systems. It also supports ISAPI and can be used with Microsoft's IIS on Windows.

Saturday, June 14, 2008

FOG Forum "index.php" Local File Inclusion Vulnerabilities

Description:
CWH Underground has discovered two vulnerabilities in FOG Forum, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "fog_lang" and "fog_skin" parameters in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.

The vulnerabilities are confirmed in version 0.8.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)