Bug: SMF "index.php?action=pm" Cross Site-Scripting ( Ascii Version )


SMF "index.php?action=pm" Cross Site-Scripting

Published: 2007.01.23
Credit: Aria-Security Team
Risk: Low
CWE: N/A
CVE: CVE-2007-0399
Local: No
Remote: Yes

CVSS Base Score: 6/10
Impact Subscore: 6.4/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

#Aria-Security Team
#http://Aria-Security.com
#Type:Remote Cross-Site Scripting
#Article on XSS: http://aria-security.net/xss.rar
#Discovered By Aria-Security Team
#Tested on SMF 1.1 RC3
#
#Explanation:
#
#-First of all user must be REGISTERED
#-Go to http://target/smf/index.php?action=pm;sa=send
#-Insert your XSS code for the recipient or BCC
#-Press send.

Original Advisory:
http://aria-security.com/forum/showthread.php?p=128
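
Added example (not from the advisory and not SMF source code): a hypothetical PHP handler showing how recipient and BCC values from a send form can be encoded before they are written back into the page. It assumes the submitted values are echoed in the response; the field names `to` and `bcc`, the function names and the member list are illustrative.

```php
<?php
// Added example: hypothetical handler, not SMF source code.
// Assumption: the "to" and "bcc" values posted to the send form are
// echoed back into the HTML response (form redisplay or error text).

/** Split a comma-separated recipient field into trimmed, non-empty names. */
function parse_recipients(string $raw): array
{
    $names = array_map('trim', explode(',', $raw));
    return array_values(array_filter($names, fn($n) => $n !== ''));
}

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build "unknown recipient" errors and the refilled input fields. */
function render_send_errors(array $post, array $known_members): string
{
    $out = '';
    foreach (['to', 'bcc'] as $field) {
        $raw = (string)($post[$field] ?? '');
        foreach (parse_recipients($raw) as $name) {
            if (!in_array(strtolower($name), $known_members, true)) {
                // The unsafe variant concatenates $name here without h().
                $out .= '<p class="error">Unknown recipient: ' . h($name) . "</p>\n";
            }
        }
        // Attribute context: quotes must be encoded too (ENT_QUOTES).
        $out .= '<input type="text" name="' . $field . '" value="' . h($raw) . "\">\n";
    }
    return $out;
}

// Constructed sample input: markup where a member name is expected.
$post = ['to' => 'alice, <b>bob</b>', 'bcc' => '"><i>carol</i>'];
$html = render_send_errors($post, ['alice']);

// The submitted markup must appear only in encoded form.
assert(strpos($html, '<b>') === false && strpos($html, '<i>') === false);
assert(strpos($html, '&lt;b&gt;bob&lt;/b&gt;') !== false);
echo $html;
```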

Copyright 2014, cxsecurity.com