oss-sec mailing list archives
Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities
From: Henri Salo <henri () nerv fi>
Date: Tue, 1 Oct 2013 09:23:23 +0300
On Wed, Sep 25, 2013 at 12:07:32PM -0600, Kurt Seifried wrote:
> On 09/25/2013 10:45 AM, Henri Salo wrote:
>> On Wed, Sep 25, 2013 at 02:33:14PM +0000, Moritz Naumann wrote:
>>> This CSRF doesn't work for me on two 2.0.4 installations I tested on.
>>
>> You are correct.
>>
>>> Both return Unable to verify referring url. Please go back and try again.
>>
>> Actual error message for me: "Your session timed out while posting. Please go
>> back and try again." I'm really sorry about this. I even tested using different
>> computer so I don't know what I previously did wrong/different. Thank you for
>> correcting this.
>>
>> ---
>> Henri Salo
>
> So to confirm: the XSS are legit, the CSRF is confirmed to not work? thanks.

Can we get these assigned or do you have open questions, thanks.

---
Henri Salo