Full Disclosure mailing list archives
40 vulnerabilities in SMF 1.1.10/SMF 2.0RC2 by elhacker.net (Simple Audit)
From: "SMF 2.0 Code Review elhacker.net" <smf2.review () gmail com>
Date: Wed, 2 Dec 2009 11:34:06 +0800
This is the first batch of vulnerabilities found by the SimpleAudit team from elhacker.net:
http://labs.elhacker.net/simpleaudit

Our goal is to evaluate the security of SMF 2.0 before using it on our own server, and we have found several security vulnerabilities.

The vulnerabilities that also apply to SMF 1.1.10 were fixed by the SMF team today in SMF 1.1.11; visit simplemachines.org for details.

You can review the list of the published vulnerabilities at:
http://code.google.com/p/smf2-review/issues/list

| Vuln | Summary + Labels | Affects | Discovered |
|------|------------------|---------|------------|
| CSRF, RCE | PHP Remote Code Execution | SMF2 | www.kernel32 |
| CSRF | CSRF theme change | SMF2, SMF1 | www.kernel32 |
| CSRF | Subforum Category Collapse CSRF | SMF2, SMF1 | www.kernel32 |
| CSRF | CSRF in the package server manager | SMF2, SMF1 | www.kernel32 |
| XSS | XSS in package server manager | SMF2, SMF1 | www.kernel32 |
| CSRF | CSRF package deletion and installed package disclosure | SMF2 | www.kernel32 |
| CSRF, XSS | Attached files configuration CSRF | SMF2 | www.kernel32 |
| XSS | XSS in "Enable basic HTML in posts" | SMF2 | sirdarckcat |
| RFD | Remote File Disclosure (only in logs and similar) | SMF2 | sirdarckcat |
| CSRF | CSRF in Moderation Preferences | SMF2 | sirdarckcat |
| XSS | XSS in the word censor | SMF2, SMF1 | sirdarckcat |
| CSRF | CSRF in Polls | SMF2, SMF1 | sirdarckcat |
| XSS | installer XSS | SMF2 | brlvldvlsmrtnz |
| XSS | XSS in the installer (install.php) | SMF2 | cicatriz.r00t |
| CSRF | CSRF in the message rule manager | SMF2 | cicatriz.r00t |
| XSS | XSS in smileys manager | SMF2 | cicatriz.r00t |
| XSS | Error log XSS | SMF2 | www.kernel32 |
| CSRF | Arbitrary package deinstallation CSRF | SMF2 | www.kernel32 |
| XSS | User search XSS | SMF2 | www.kernel32 |
| XSS | language manager CSRF+XSS | SMF2 | cicatriz.r00t |
| XSS | XSS in forum name | SMF2 | ysk.sft |
| XSS | XSS in logo. | SMF2 | cicatriz.r00t |
| CSRF, XSS | CSRF in the posts settings | SMF2 | brlvldvlsmrtnz |
| XSS | Language search XSS | SMF2 | brlvldvlsmrtnz |
| XSS | XSS in theme name of themes and layout settings. | SMF2 | brlvldvlsmrtnz |
| XSS | XSS in member options with theme name | SMF2 | brlvldvlsmrtnz |
| XSS | XSS in theme url and settings | SMF2 | brlvldvlsmrtnz |
| XSS | XSS in modify themes with theme names | SMF2 | brlvldvlsmrtnz |
| XSS, CSRF | XSS in package manager / options | SMF2 | cicatriz.r00t |
| CSRF | CSRF allows granting normal users permission to modify forum permissions | SMF2 | ysk.sft |
| CSRF | CSRF join 2 topics | SMF2 | ysk.sft |
| CSRF | CSRF allows deleting a poll | SMF2 | ysk.sft |
| CSRF | CSRF allows elevating normal users' privileges to modify smileys | SMF2 | ysk.sft |
| DoS | RSS DoS | SMF2, SMF1 | www.kernel32 |
| CSRF | Session token stealing | SMF2, SMF1 | www.kernel32 |
| ---- | ReDoS in htmltrim | SMF2 | sirdarckcat |
| DoS | Forum access DoS | SMF2 | sirdarckcat |
| XSS | XSS in file upload. | SMF2 | ysk.sft |
| CSRF | Message rule CSRF | SMF2 | brlvldvlsmrtnz |
| CSRF | Steal session token | SMF2, SMF1 | www.kernel32 |
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/