Simple Machines Forum 1.1.11 cross site scripting

2009-12-23 / 2009-12-24
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

|| Script : SMF (Simple Machine Forum) 1.1.11 || Vulnerability Type : Active XSS ( Active Cross Site Scripting ) || Risk : Low || Discovered By Khashayar Fereidani || http://ircrash.com http://bugtraq.ircrash.com || Note : For use this vulnerability you need access to censor words panel . 1.First login and go to : http://site/path/index.php?action=postsettings;sa=censor click on "Click here to add another word." for add new row . set new text box : ircrash => "<script>alert('Vulnerable')</script> and save page . 2.Open new typic and set title : ircrash , fill all fields and post typic . 3.Open forum home page . you see alert : Vulerable You can set any html or java script code . hackers can home deface forum or set activex for virus . || Solution : filter censor page variables with htmlspecialchars . || Tnx : Only For God


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top