Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Simple Machines Forum Cross-Site Scripting Vulnerabilities

from [DoZ] Network Security [Permanent Link]
Subject: Simple Machines Forum Cross-Site Scripting Vulnerabilities
Date: 10 Jan 2008 02:12:49 -0000 
 [HSC] Simple Machines Forum XSS Vulnerabilities


Simple Machines Forum allows attackers to exploiting this vulnerability by 
cross-site scripting and they will be able to obtain detailed information. This 
may help the attacker steal cookie-based authentication credentials and launch 
other attacks.



Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz


Remote: YES
Class: Improper Validation.


Version: 1.1.4 & Previous!
Vendor: http://www.simplemachines.org






* Attackers can exploit these issues via a web client.



Site.com/component/option,com_smf/Itemid,8'XSS,1/topic,1.0/

Site.com/component/option,com_smf/Itemid,5/topic,1.XSS/



Solution: upgrade to SMF 2.0 1.x when vendor releases to public.



Only becoming a hacker you can stop a hacker. Were can you learn with out 
having to pay thousands?- http://kit.hackerscenter.com/ - The most 
comprehensive security pack you will ever find on the net!
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] BT Home Flub: Pwnin the BT Home Hub (5) - exploiting IGDs remotely via UPnP, Adrian P
Next by Date:  PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager, ProCheckUp Research
Previous by Thread:  [Full-disclosure] BT Home Flub: Pwnin the BT Home Hub (5) - exploiting IGDs remotely via UPnP, Adrian P
Next by Thread:  Re: Simple Machines Forum Cross-Site Scripting Vulnerabilities, dev
Indexes:  [Date] [Thread] [Top] [All Lists]