FUDforum: Bug Reports » uninstall.php

Home » FUDforum Development » Bug Reports » uninstall.php

Show: Today's Messages :: Polls :: Message Navigator

uninstall.php [message #24625]

Sat, 07 May 2005 10:50

danger

Messages: 11
Registered: May 2005
Location: Slovakia

Karma: 0

Junior Member

firstly: I don't know if i can call this "bug" but it is really big security hole :/

I have taken note that in the forum directory, there is a uninstall.php script. So I have decided to touch if from web. I got a html form, where I have just added /home/user and it deleted everything under this directory that was deletable by group under the apache is running (note that if it was running under root, attacker could remove whole filesystem)!!! (luckily I had everything backuped.)

I think that this script could be chmoded to 000 after forum install and when user decide to uninstall his forum, he will need to chmod it to 644. alternatively, there should be some kind of authentification method, since the after-effects should be really bad if some attacer is able to run this script :/

[Updated on: Sat, 07 May 2005 11:05]

Report message to a moderator

Re: uninstall.php [message #24633 is a reply to message #24625]

Sat, 07 May 2005 15:12

Ilia

Messages: 13241
Registered: January 2002

Karma: 0

Senior Member
Administrator
Core Developer

I've added notes about this script in the readme files distributed with the forum. But, you must understand is that this file is not intended for web directories nor can it have authentication because the forum install may have failed and we can't query the login database.

For safety purposes from now one the script's permissions will be 0600, preventing it to be executed via the web by default.

FUDforum Core Developer

Report message to a moderator