SMF-xss.txt

SMF-xss.txt: Posted Oct 24, 2006; Authored by Jose Carlos Norte; Simple Machines Forum SMF suffers from a cross site scripting vulnerability in index.php.; tags | exploit, php, xss; SHA-256 | fed7bd5bff8f1c1d58b66a6ba3c5104cbeedac6164a2bdd27ab278c966845442; Download | Favorite | View

SMF-xss.txt


title: Simple Machines Forum (SMF) XSS issue
author: Jose Carlos Norte
discovered by: Jose Carlos Norte

1. introduction

Simple machines forum is a popular scalable free bulletin board system written in php over mysql database, the url of the project:

http://www.simplemachines.org/

2. XSS problem

SMF is vulnerable to XSS attacks in search functions, in a string passed in base64 to search for re-fill the form search when we want to modify our search.

example:

index.php?action=search;params=bWF4YWdlfCd8Ij5YU1N8InxicmR8J3x8InxzaG93X2NvbXBsZXRlfCd8fCJ8c3ViamVjdF9vbmx5fCd8fCJ8c2VhcmNofCd8c3NzfCJ8c29ydF9kaXJ8J3xkZXNjfCJ8c29ydHwnfHJlbGV2YW5jZQ

there are diferent fields vulnerable and a XSS successfull attack is posible, tested.

Solution:

i was unable to contact smf developer team.

Top Authors In Last 30 Days

Red Hat 304 files
indoushka 142 files
Ubuntu 100 files
Gentoo 32 files
Debian 24 files
LiquidWorm 17 files
Apple 11 files
Google Security Research 8 files
malvuln 8 files
Michael Baer 3 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,144)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,608)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,085)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,928)
UNIX (9,469)
UnixWare (188)
Windows (6,784)
Other

SMF-xss.txt

SMF-xss.txt

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

SMF-xss.txt

Share This

SMF-xss.txt

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems