Computer Security
[EN] securityvulns.ru

From:Hackers Center Security Group <DoZ_(at)_hackerscenter.com>
Date:10.01.2008
Subject:Simple Machines Forum Cross-Site Scripting Vulnerabilities

[HSC] Simple Machines Forum Cross-Site Scripting Vulnerabilities


Simple Machines Forum is affected by cross-site scripting vulnerabilities.
By exploiting them, attackers will be able to obtain detailed information.
This may help the attacker steal cookie-based authentication credentials and
launch other attacks.



Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz


Remote: YES
Class: Improper Validation.


Version: 1.1.4 & Previous!
Vendor: http://www.simplemachines.org






* Attackers can exploit these issues via a web client.



Site.com/component/option,com_smf/Itemid,8'XSS,1/topic,1.0/

Site.com/component/option,com_smf/Itemid,5/topic,1.XSS/



Solution: upgrade to SMF 2.0 1.x when the vendor releases it to the public.


Reference: http://www.hackerscenter.com/archive/view.asp?id=28147
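
An added example, not part of the advisory or of SMF's own code: a Python check that flags request paths in the URL layout shown above whose Itemid or topic value is not strictly numeric, usable for access-log triage or as an allowlist in front of the forum. The accepted formats (digits for Itemid, digits.digits for topic) are assumptions inferred from the advisory's URLs, and the sample paths are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed value formats, inferred from the well-formed parts of the
# advisory's URLs ("Itemid,8" and "topic,1.0"); adjust to the real site.
ALLOWED = {
    "Itemid": re.compile(r"\d+"),
    "topic": re.compile(r"\d+\.\d+"),
}

def sef_params(url):
    """Yield (key, value) pairs from 'key,value' path segments."""
    for segment in urlsplit(url).path.split("/"):
        # Split on "/" first, then percent-decode each segment, so an
        # encoded "/" cannot move a value into a different segment.
        key, sep, value = unquote(segment).partition(",")
        if sep:
            yield key, value

def violations(url):
    """Return the (key, value) pairs that fail the allowlist."""
    bad = []
    for key, value in sef_params(url):
        pattern = ALLOWED.get(key)
        if pattern is not None and not pattern.fullmatch(value):
            bad.append((key, value))
    return bad

# Constructed sample request paths: one well-formed, two following the
# advisory's patterns, one with a percent-encoded extra character.
SAMPLES = [
    "/component/option,com_smf/Itemid,8/topic,1.0/",
    "/component/option,com_smf/Itemid,8'XSS,1/topic,1.0/",
    "/component/option,com_smf/Itemid,5/topic,1.XSS/",
    "/component/option,com_smf/Itemid,5/topic,1.0%22/",
]

if __name__ == "__main__":
    for path in SAMPLES:
        result = violations(path)
        print("FLAG" if result else "ok  ", path, result)
```

Rejecting anything outside the allowlist covers the input side only; values echoed into a page still need HTML encoding on output.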
