SMF 2.0.4 Cross Site Scripting

2013-09-15 / 2013-09-27
Credit: Henri
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Please assign 2013 CVE for SMF vulnerabilities, thanks. Fixes at least XSS issues. No reply from vendor when I asked if there is CVE(s) assigned already. Advisory: http://www.simplemachines.org/community/index.php?topic=509417 Diff: http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_2.0.5.tar.gz;smf_version=2.0.4 Other references: http://osvdb.org/96323 http://secunia.com/advisories/54384/ ./Sources/ManageServer.php Operation #1 Find: [Select] '~\$txt\[\'lang_character_set\'\]\s=\s(\'|")[^\r\n]+~' => '$txt[\'lang_character_set\'] = \'' . addslashes($_POST['character_set']) . '\';', '~\$txt\[\'lang_locale\'\]\s=\s(\'|")[^\r\n]+~' => '$txt[\'lang_locale\'] = \'' . addslashes($_POST['locale']) . '\';', '~\$txt\[\'lang_dictionary\'\]\s=\s(\'|")[^\r\n]+~' => '$txt[\'lang_dictionary\'] = \'' . addslashes($_POST['dictionary']) . '\';', '~\$txt\[\'lang_spelling\'\]\s=\s(\'|")[^\r\n]+~' => '$txt[\'lang_spelling\'] = \'' . addslashes($_POST['spelling']) . '\';', Replace With: [Select] '~\$txt\[\'lang_character_set\'\]\s=\s(\'|")[^\r\n]+~' => '$txt[\'lang_character_set\'] = \'' . preg_replace('~[^\w-]~i', '', $_POST['character_set']) . '\';', '~\$txt\[\'lang_locale\'\]\s=\s(\'|")[^\r\n]+~' => '$txt[\'lang_locale\'] = \'' . preg_replace('~[^\w-]~i', '', $_POST['locale']) . '\';', '~\$txt\[\'lang_dictionary\'\]\s=\s(\'|")[^\r\n]+~' => '$txt[\'lang_dictionary\'] = \'' . preg_replace('~[^\w-]~i', '', $_POST['dictionary']) . '\';', '~\$txt\[\'lang_spelling\'\]\s=\s(\'|")[^\r\n]+~' => '$txt[\'lang_spelling\'] = \'' . preg_replace('~[^\w-]~i', '', $_POST['spelling']) . '\';', ./Sources/PersonalMessage.php Operation #1 Find: [Select] if (!isset($_REQUEST['sa']) || !isset($subActions[$_REQUEST['sa']])) MessageFolder(); Replace With: [Select] if (!isset($_REQUEST['sa']) || !isset($subActions[$_REQUEST['sa']])) { $_REQUEST['sa'] = ''; MessageFolder(); }
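Review bot: In the four replacement lines for ./Sources/ManageServer.php, preg_replace('~[^\w-]~i', '', ...) silently strips disallowed characters rather than rejecting the input, so a submitted value can end up altered or empty in the generated $txt['lang_...'] assignment with no error shown to the administrator. Validating with preg_match against the same character class and refusing the save on a mismatch would make the failure visible. The i modifier has no effect on [^\w-] and can be dropped, and the expression repeated four times would be easier to audit as one small helper.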
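Review bot: The replacement block in ./Sources/PersonalMessage.php blanks $_REQUEST['sa'] before calling MessageFolder() with no comment saying why, and the assignment looks removable to anyone tidying the code later; a one-line comment stating that unknown sub-actions are cleared so they are not reused downstream would protect it. The reset also only changes $_REQUEST, so any code that reads $_GET['sa'] or $_POST['sa'] directly still sees the original value. Escaping the value where it is output would cover those paths as well.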

References:

http://www.simplemachines.org/community/index.php?topic=509417
http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_2.0.5.tar.gz;smf_version=2.0.4
http://osvdb.org/96323
http://secunia.com/advisories/54384/



Copyright 2019, cxsecurity.com

 
