Bugtraq mailing list archives
SMF "index.php?action=pm" Cross Site-Scripting
From: Advisory () aria-security net
Date: 20 Jan 2007 08:06:08 -0000
#Aria-Security Team #http://Aria-Security.com #Type:Remote Cross-Site Scripting #Article on XSS: http://aria-security.net/xss.rar #Discovered By Aria-Security Team #Tested on SMF 1.1 RC3 # #Explanation: # #-First of all user must be REGISTERED #-Go to http://target/smf/index.php?action=pm;sa=send #-Inster your xss code for the recipient or BCC #-Press send. Original Advisory: http://aria-security.com/forum/showthread.php?p=128
Current thread:
- SMF "index.php?action=pm" Cross Site-Scripting Advisory (Jan 20)
- Re: SMF "index.php?action=pm" Cross Site-Scripting Lise Moorveld (Jan 26)
- <Possible follow-ups>
- Re: SMF "index.php?action=pm" Cross Site-Scripting lfx4sodas (Jan 22)
- Re: Re: SMF "index.php?action=pm" Cross Site-Scripting alexbove (Jan 22)
- Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting Outlaw (Jan 23)
- Re: Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting sirdarckcat (Jan 26)