[UNIX] Phorum Discussion Board Security Bug (Email Disclosure)

From: support@securiteam.com
Date: 02/24/02 

From: support@securiteam.com
To: list@securiteam.com
Date: Sun, 24 Feb 2002 23:13:48 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Phorum Discussion Board Security Bug (Email Disclosure)
------------------------------------------------------------------------

SUMMARY

 <http://sourceforge.net/projects/phorum> Phorum is a web based discussion
software written in PHP. Phorum utilizes a database to manage its
messages. It focuses on a generic but customizable user interface and high
quality administration functionality. A security vulnerability in the
product allows revealing of sensitive email information.

DETAILS

Vulnerable systems:
Phorum version 3.3.2

A bug in the PHP based forum script Phorum makes it possible to obtain the
email addresses of the 10 most active users. In the 'admin/' directory of
the forum there is a script called 'stats.php' that allows administrators
(and anyone else, since there is no password check on this PHP script) to
view the 10 most active users of the phorum.

Exploit:
Point the browser to:
http://www.example.com/phorum/admin/stats.php
Select the range of statistics analysis and it will show some numbers plus
the ten most active users including their email addresses.

ADDITIONAL INFORMATION

The information has been provided by <mailto:agricola@chriscom.nl>
Agricola.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages

  • [NEWS] SpiDynamics WebInspect Keeps Track of Its Users (Trial License)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... WebInspect, S.P.I. Dynamic's premier product, is a network-based web ... We make no effort to hide that this remote authentication is done. ...
    (Securiteam)
  • [NT] DoS and Directory Traversal Vulnerabilities in WebServer 4 Everyone
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... requests and to allow attackers to download files that reside the outside ...
    (Securiteam)
  • [UNIX] Multiple Security Issues in Geeklog (XSS, SQL Inject)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... the vulnerabilities would allow a remote attacker to ... SQL Injection: ...
    (Securiteam)
  • [NT] WebEasyMail Multiple Security Vulnerabilities (User disclosure, DoS)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... to reveal which username are valid on the remote host. ...
    (Securiteam)
  • [UNIX] DCP-Portal Cross-Site Scripting
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A security vulnerability in the product allows ... the members page, this CSS vulnerability will take effect. ...
    (Securiteam)