Message-ID: <ec9fe7d10912011934n7f0c8617kba99b6f5047e14e5@mail.gmail.com>
Date: Wed, 2 Dec 2009 11:34:06 +0800
From: "SMF 2.0 Code Review elhacker.net" <smf2.review@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: 40 vulnerabilities in SMF 1.1.10/SMF 2.0RC2 by elhacker.net (Simple Audit)

This is the first batch of vulnerabilities found by the SimpleAudit team
from elhacker.net:
http://labs.elhacker.net/simpleaudit

Our goal is to evaluate the security of SMF 2.0 before using it on our own
server, and we have found several security vulnerabilities.

The vulnerabilities that also apply to SMF 1.1.10 were fixed by the SMF team
today, in SMF 1.1.11; visit simplemachines.org for details.

You can review the list of the published vulnerabilities at:
http://code.google.com/p/smf2-review/issues/list

Vuln | Summary + Labels | Affects | Discovered
-----|------------------|---------|-----------
... CSRF, RCE | PHP Remote Code Execution | SMF2 | www.kernel32
CSRF | CSRF theme change | SMF2, SMF1 | www.kernel32
CSRF | Subforum Category Collapse CSRF | SMF2, SMF1 | www.kernel32
CSRF | CSRF in the package server manager | SMF2, SMF1 | www.kernel32
XSS | XSS in package server manager | SMF2, SMF1 | www.kernel32
CSRF | CSRF package deletion and installed package disclosure | SMF2 | www.kernel32
CSRF, XSS | Attached files configuration CSRF | SMF2 | www.kernel32
XSS | XSS in "Enable basic HTML in posts" | SMF2 | sirdarckcat
RFD | Remote File Disclosure (only in logs and similar) | SMF2 | sirdarckcat
CSRF | CSRF in Moderation Preferences | SMF2 | sirdarckcat
XSS | XSS in the word censor | SMF2, SMF1 | sirdarckcat
CSRF | CSRF in Polls | SMF2, SMF1 | sirdarckcat
XSS | installer XSS | SMF2 | brlvldvlsmrtnz
XSS | XSS in the installer (install.php) | SMF2 | cicatriz.r00t
CSRF | CSRF in the message rule manager | SMF2 | cicatriz.r00t
XSS | XSS in smileys manager | SMF2 | cicatriz.r00t
XSS | Error log XSS | SMF2 | www.kernel32
CSRF | Arbitrary package deinstallation CSRF | SMF2 | www.kernel32
XSS | User search XSS | SMF2 | www.kernel32
XSS | language manager CSRF+XSS | SMF2 | cicatriz.r00t
XSS | XSS in forum name | SMF2 | ysk.sft
XSS | XSS in logo. | SMF2 | cicatriz.r00t
CSRF, XSS | CSRF in the posts settings | SMF2 | brlvldvlsmrtnz
XSS | Language search XSS | SMF2 | brlvldvlsmrtnz
XSS | XSS in theme name of themes and layout settings. | SMF2 | brlvldvlsmrtnz
XSS | XSS in member options with theme name | SMF2 | brlvldvlsmrtnz
XSS | XSS in theme url and settings | SMF2 | brlvldvlsmrtnz
XSS | XSS in modify themes with theme names | SMF2 | brlvldvlsmrtnz
XSS, CSRF | XSS in package manager / options | SMF2 | cicatriz.r00t
CSRF | CSRF allows granting normal users permission to modify forum permissions | SMF2 | ysk.sft
CSRF | CSRF join 2 topics. | SMF2 | ysk.sft
CSRF | CSRF allows deleting a poll | SMF2 | ysk.sft
CSRF | CSRF allows elevating the privileges of normal users to modify the smileys | SMF2 | ysk.sft
DoS | RSS DoS | SMF2, SMF1 | www.kernel32
CSRF | Session token stealing | SMF2, SMF1 | www.kernel32
---- | ReDoS in htmltrim | SMF2 | sirdarckcat
DoS | Forum access DoS | SMF2 | sirdarckcat
XSS | XSS in file upload. | SMF2 | ysk.sft
CSRF | Message rule CSRF | SMF2 | brlvldvlsmrtnz
CSRF | Steal session token | SMF2, SMF1 | www.kernel32

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/