https://www.exploit-db.com/exploits/20587
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200012-204

Phorum是Phorum团队开发的一套基于PHP和MySQL的开源论坛应用程序。Phorum存在一个漏洞允许远程用户发送任意邮件，而且不需要任何验证。violation.php3处理URL的参数，通过主机的MTA给Mod参数指定的email发送邮件，不过要记住的是，这封电子邮件会包含攻击者的IP(或代理服务器IP)和FQDN。恶意用户可能利用这个漏洞发送垃圾邮件或邮件炸弹等行径，可能让WEB主机的IP被加入垃圾邮件服务器的黑名单。

source: http://www.securityfocus.com/bid/2272/info

Phorum is a freely available, open source package originally written by Brian Moon. The package is designed to add enhanced features to a web page, allowing users to interact through bulletin board style chats forums and discussions.

A problem with the Phorum package could allow remote users to arbitrarily relay email. Due to the way violation.php3 handles URL's as arguments, it is possible to create a custom crafted URL request to the script which will allow a remote user to send email through the hosts MTA. This email will then be delivered to the specified person with the appearance of coming from the web host. This problem makes it possible for a user with malicious intentions to socially engineer, mailbomb, or spam from the web host, and potentially get the host blacklisted in one of such lists. 

This vulnerability may be exploited requesting a URL of:

http://some.host.com/[email protected]&ForumName=text_to_spam

Where [email protected] is the destination of the mail, and text_to_spam is the text to appear in the body of the mail.

来源:BID
名称:2272
链接:http://www.securityfocus.com/bid/2272
来源:BUGTRAQ
名称:20000106Phorum3.0.7exploitsandIDSsignatures
链接:http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html