Related information

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

From:	smf2.review_(at)_gmail.com <smf2.review_(at)_gmail.com>
Date:	02.12.2009
Subject:	40 vulnerabilities in SMF 1.1.10/SMF 2.0RC2 by elhacker.net (Simple Audit)

This is the first batch of vulnerabilities found by the SimpleAudit team from elhacker.net
http://labs.elhacker.net/simpleaudit

Our goal is to evaluate the security of SMF 2.0 before using it on our own server, and we have found several security vulnerabilities.

The vulnerabilities that also apply to SMF 1.1.10 were fixed by the SMF team today, on SMF 1.1.11 visit simplemachines.org for details.

You can review the list of the published vulnerabilities in:
http://code.google.com/p/smf2-review/issues/list



 CSRF, RCE   PHP Remote Code Execution SMF2 www.kernel32   
 CSRF   CSRF theme change SMF2, SMF1 www.kernel32   
 CSRF   Subforum Category Collapse CSRF SMF2, SMF1 www.kernel32   
 CSRF   CSRF en el gestor de servidores de paquetes SMF2, SMF1 www.kernel32   
 XSS   XSS in package server manager SMF2, SMF1 www.kernel32   
 CSRF   CSRF package deletion and installed package disclosure SMF2 www.kernel32   
 CSRF, XSS   Attached files configuration CSRF SMF2 www.kernel32   
 XSS   XSS in "Enable basic HTML in posts" SMF2 sirdarckcat   
 RFD   Remote File Disclosure (solo en logs, y similares) SMF2 sirdarckcat   
 CSRF   CSRF en Moderation Preferences SMF2 sirdarckcat   
 XSS   XSS en el censurador de palabras SMF2, SMF1 sirdarckcat   
 CSRF   CSRF in Polls SMF2, SMF1 sirdarckcat   
 XSS   installer XSS SMF2 brlvldvlsmrtnz   
 XSS   XSS in the installer (install.php) SMF2 cicatriz.r00t   
 CSRF   CSRF in the message rule manager SMF2 cicatriz.r00t   
 XSS   XSS in smileys manager SMF2 cicatriz.r00t   
 XSS   Error log XSS SMF2 www.kernel32   
 CSRF   Arbitrary package deinstalation CSRF SMF2 www.kernel32   
 XSS   User search XSS SMF2 www.kernel32   
 XSS   language manager CSRF+XSS SMF2 cicatriz.r00t   
 XSS   XSS in forum name SMF2 ysk.sft   
 XSS   XSS in logo. SMF2 cicatriz.r00t   
 CSRF, XSS   CSRF in the posts settings SMF2 brlvldvlsmrtnz   
 XSS   Language search XSS SMF2 brlvldvlsmrtnz   
 XSS   XSS in theme name of themes and layout settings. SMF2 brlvldvlsmrtnz   
 XSS   XSS in member options with theme name SMF2 brlvldvlsmrtnz   
 XSS   XSS in theme url and settings SMF2 brlvldvlsmrtnz   
 XSS   XSS in modify themes with theme names SMF2 brlvldvlsmrtnz   
 XSS, CSRF   XSS in package manager / options SMF2 cicatriz.r00t   
 CSRF   CSRF permite darle permisos a los usuarios normales para modificar permisos del foro SMF2 ysk.sft   
 CSRF   CSRF join 2 topics . SMF2 ysk.sft   
 CSRF   CSRF permite borrar una encuesta SMF2 ysk.sft   
 CSRF   CSRF permite elevar privilegios de usuarios normales para modificar los smileys SMF2 ysk.sft   
 DoS   RSS DoS SMF2, SMF1 www.kernel32   
 CSRF   Session token stealling SMF2, SMF1 www.kernel32   
 ----   ReDoS en htmltrim SMF2 sirdarckcat   
 DoS   Forum access DoS SMF2 sirdarckcat   
 XSS   XSS en la subida de archivos. SMF2 ysk.sft   
 CSRF   Message rule CSRF SMF2 brlvldvlsmrtnz   
 CSRF   Steal session token SMF2, SMF1 www.kernel32