bugtraq - 40 vulnerabilities in SMF 1.1.10/SMF 2.0RC2 by elhacker.net (Simple Audit)

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [day] [month] [year] [list]

Date: Tue, 1 Dec 2009 20:37:26 -0700
From: smf2.review@...il.com
To: bugtraq@...urityfocus.com
Subject: 40 vulnerabilities in SMF 1.1.10/SMF 2.0RC2 by elhacker.net
 (Simple Audit)

This is the first batch of vulnerabilities found by the SimpleAudit team from elhacker.net
http://labs.elhacker.net/simpleaudit
 
Our goal is to evaluate the security of SMF 2.0 before using it on our own server, and we have found several security vulnerabilities.
 
The vulnerabilities that also apply to SMF 1.1.10 were fixed by the SMF team today, on SMF 1.1.11 visit simplemachines.org for details.
 
You can review the list of the published vulnerabilities in:
http://code.google.com/p/smf2-review/issues/list
 
 
 
  CSRF, RCE   PHP Remote Code Execution SMF2 www.kernel32   
  CSRF   CSRF theme change SMF2, SMF1 www.kernel32   
  CSRF   Subforum Category Collapse CSRF SMF2, SMF1 www.kernel32   
  CSRF   CSRF en el gestor de servidores de paquetes SMF2, SMF1 www.kernel32   
  XSS   XSS in package server manager SMF2, SMF1 www.kernel32   
  CSRF   CSRF package deletion and installed package disclosure SMF2 www.kernel32   
  CSRF, XSS   Attached files configuration CSRF SMF2 www.kernel32   
  XSS   XSS in "Enable basic HTML in posts" SMF2 sirdarckcat   
  RFD   Remote File Disclosure (solo en logs, y similares) SMF2 sirdarckcat   
  CSRF   CSRF en Moderation Preferences SMF2 sirdarckcat   
  XSS   XSS en el censurador de palabras SMF2, SMF1 sirdarckcat   
  CSRF   CSRF in Polls SMF2, SMF1 sirdarckcat   
  XSS   installer XSS SMF2 brlvldvlsmrtnz   
  XSS   XSS in the installer (install.php) SMF2 cicatriz.r00t   
  CSRF   CSRF in the message rule manager SMF2 cicatriz.r00t   
  XSS   XSS in smileys manager SMF2 cicatriz.r00t   
  XSS   Error log XSS SMF2 www.kernel32   
  CSRF   Arbitrary package deinstalation CSRF SMF2 www.kernel32   
  XSS   User search XSS SMF2 www.kernel32   
  XSS   language manager CSRF+XSS SMF2 cicatriz.r00t   
  XSS   XSS in forum name SMF2 ysk.sft   
  XSS   XSS in logo. SMF2 cicatriz.r00t   
  CSRF, XSS   CSRF in the posts settings SMF2 brlvldvlsmrtnz   
  XSS   Language search XSS SMF2 brlvldvlsmrtnz   
  XSS   XSS in theme name of themes and layout settings. SMF2 brlvldvlsmrtnz   
  XSS   XSS in member options with theme name SMF2 brlvldvlsmrtnz   
  XSS   XSS in theme url and settings SMF2 brlvldvlsmrtnz   
  XSS   XSS in modify themes with theme names SMF2 brlvldvlsmrtnz   
  XSS, CSRF   XSS in package manager / options SMF2 cicatriz.r00t   
  CSRF   CSRF permite darle permisos a los usuarios normales para modificar permisos del foro SMF2 ysk.sft   
  CSRF   CSRF join 2 topics . SMF2 ysk.sft   
  CSRF   CSRF permite borrar una encuesta SMF2 ysk.sft   
  CSRF   CSRF permite elevar privilegios de usuarios normales para modificar los smileys SMF2 ysk.sft   
  DoS   RSS DoS SMF2, SMF1 www.kernel32   
  CSRF   Session token stealling SMF2, SMF1 www.kernel32   
  ----   ReDoS en htmltrim SMF2 sirdarckcat   
  DoS   Forum access DoS SMF2 sirdarckcat   
  XSS   XSS en la subida de archivos. SMF2 ysk.sft   
  CSRF   Message rule CSRF SMF2 brlvldvlsmrtnz   
  CSRF   Steal session token SMF2, SMF1 www.kernel32