lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 20 Oct 2006 14:30:11 -0000 From: josecarlos.norte@...il.com To: bugtraq@...urityfocus.com Subject: Simple Machines Forum (SMF) XSS issue title: Simple Machines Forum (SMF) XSS issue author: Jose Carlos Norte discovered by: Jose Carlos Norte 1. introduction Simple machines forum is a popular scalable free bulletin board system written in php over mysql database, the url of the project: http://www.simplemachines.org/ 2. XSS problem SMF is vulnerable to XSS attacks in search functions, in a string passed in base64 to search for re-fill the form search when we want to modify our search. example: index.php?action=search;params=bWF4YWdlfCd8Ij5YU1N8InxicmR8J3x8InxzaG93X2NvbXBsZXRlfCd8fCJ8c3ViamVjdF9vbmx5fCd8fCJ8c2VhcmNofCd8c3NzfCJ8c29ydF9kaXJ8J3xkZXNjfCJ8c29ydHwnfHJlbGV2YW5jZQ there are diferent fields vulnerable and a XSS successfull attack is posible, tested. Solution: i was unable to contact smf developer team.
Powered by blists - more mailing lists