oss-sec mailing list archives
Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities
From: Moritz Naumann <security () moritz-naumann com>
Date: Wed, 25 Sep 2013 14:33:14 +0000
On 24.09.2013 14:17 +0000, Henri Salo wrote:
On Mon, Sep 16, 2013 at 07:23:52PM -0600, Kurt Seifried wrote:Can you provide a summary of the diff? thanks.
[..]
XSS in index.php?action=admin;area=manageboards;sa=newboard;cat=1 "board_name" Requires admin account PoC: "><BODY ONLOAD=alert('XSS')> Verified in 2.0.4 Not fixed in 2.0.5 SMF guys, this CSRF should help to verify this issue. Can you fix this in next release? Contact me in case you need help.
[..] This CSRF doesn't work for me on two 2.0.4 installations I tested on. Both return Unable to verify referring url. Please go back and try again. There seems to be a CSRF protection in this hidden form field: <input type="hidden" name="e2b8c5b3437" value="bdcc798a0a86fa141da538f7c3a6ec42" /> So this doesn't seem exploitable this way (but it also doesn't make the XSS bug vanish in the haze, either). To clarify, I'm a SMF user (and independent tester) not affiliated with the SMF developers. Moritz
Current thread:
- CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 15)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Kurt Seifried (Sep 16)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 24)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Moritz Naumann (Sep 25)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 25)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Kurt Seifried (Sep 25)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 25)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 24)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Kurt Seifried (Sep 16)