Westpoint Security Advisory

Title:        Phorum 5.2.10 Arbitrary Redirection Vulnerability in login.php
Risk Rating:  Low
Platforms:    PHP (Windows and UNIX)
Author:       Andrew Paterson <andrew@westpoint.ltd.uk>
Date:         06 Mar 2009
Advisory ID#: wp-09-0003
URL:          http://www.westpoint.ltd.uk/advisories/wp-09-0003.txt
CVE:          number requested from cve@mitre.org on 05 Mar 2009


Phorum 5.2.10 contains a flaw in login.php which allows users with login
credentials to be re-directed to arbitrary locations.


http://{phorum_location}/login.php uses the "redir" parameter to redirect a
user who successfully logs on to an arbitrary page, for example:


This exploit requires a registered user to be logged in.


An attacker could supply malicious URLs which redirect registered users of a
Phorum site to a different location.  This site could then pose as the
legitimate site and prompt users to provide sensitive information. It could
also contain any other type of malicious content.


06 Mar 2009    Phorum authors informed of the vulnerability
14 Mar 2009 (01:44)  Fix applied by Phorum developer ts77 (see http://www.phorum.org/changelog-5.txt)
22 May 2009    Phorum 5.2.11 released, with fix applied: http://www.phorum.org/phorum5/read.php?64,138376,138376

Designed & Built by e3creative