Phorum – Full Disclosure
Posted by: voidsec
Post Date: April 21, 2016
| Field                      | Value                                    |
|----------------------------|------------------------------------------|
| Reporter                   | VoidSec Security Team                    |
| Advisory                   | VoidSec-16-002                           |
| Date of contact            | 3 March 2016                             |
| 2nd date of contact        | 16 March 2016                            |
| 3rd date of contact        | 4 April 2016                             |
| Vendor last reply          | 3 March 2016 (no reply to later contacts)|
| Date of public disclosure  | 21 April 2016                            |
| Product                    | Phorum Open Source PHP Forum Software    |
| Version                    | 5.2.20                                   |
Introduction
The purpose of this project was to assess the security posture of key parts of the Phorum forum software.
Phorum describes itself as open source forum software with a penchant for speed, whose flexible hook and module system can satisfy every web master's needs.
During the web application security assessment, VoidSec tested Phorum using primarily a grey-box approach, that is, from the perspective of an external attacker who holds valid user credentials. The assessment identified the following classes of vulnerability:
Vulnerabilities:
- Stored Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF)
- Missing Anti-CSRF token
- Weak lockout mechanism
- Weak password policy
- Insecure Direct Object References (IDOR)
- Upload of Unexpected File Types
- Business Logic Data Validation
- Weak password reset functionality
- Cookie attributes issue
- Remember password functionality
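Two of the findings above, the missing anti-CSRF token and the cookie attributes issue, are best understood next to what a correct implementation looks like. The following PHP is an added illustration written for this page; it is not Phorum code and does not describe how Phorum handles either issue. Function and field names (`csrf_token`, `csrf_field`, `csrf_verify`, the `csrf_token` form field) are hypothetical. It shows the synchronizer-token pattern (a per-session random secret embedded in every state-changing form and compared in constant time on submit) alongside session cookie attributes that limit what a stored XSS or a cross-site request can do with the session.

```php
<?php
// Added example: synchronizer-token CSRF protection plus hardened session
// cookie attributes for a PHP forum. Hypothetical names, not Phorum code.

declare(strict_types=1);

// Cookie attributes must be set before session_start().
//  - httponly: script cannot read the session id (limits stored-XSS impact)
//  - secure:   the cookie is never sent over plaintext HTTP
//  - samesite: Lax blocks most cross-site POSTs before they reach the app
// The array form of session_set_cookie_params() requires PHP 7.3 or later.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

/** Return the per-session anti-CSRF secret, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        // 32 bytes from the CSPRNG, hex-encoded, bound to this session only.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Hidden form field carrying the token; output is HTML-encoded. */
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

/** Validate the token submitted with a state-changing request. */
function csrf_verify(array $post): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    if ($expected === '' || !is_string($given)) {
        // No token issued yet, or a non-string (array) value: reject.
        return false;
    }
    // Constant-time comparison; a plain === would leak timing information.
    return hash_equals($expected, $given);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_verify($_POST)) {
        http_response_code(403);
        exit('Invalid or missing anti-CSRF token.');
    }
    // Token is valid: perform the state-changing action (post a reply,
    // change the e-mail address, update profile settings, ...).
}

// Rendering a form: include the hidden field inside every POST form.
echo '<form method="post" action="/post.php">'
    . csrf_field()
    . '<textarea name="body"></textarea>'
    . '<button type="submit">Post</button>'
    . '</form>';
```

The token is tied to the session rather than to a single request, so it survives multiple open tabs; per-request tokens are stricter but break the back button and parallel forms. `SameSite=Lax` is defence in depth, not a replacement for the token: it does not cover top-level GET navigations that change state, which is one more reason state-changing actions should only be accepted over POST.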
Team:
Mattia Reggiani – mattiareggiani.com
Federico Gerardi (AzraelSec) – azraelsec.it
Matteo Papa