SMF-xss.txt

2006-10-24T00:00:00
ID PACKETSTORM:51280
Type packetstorm
Reporter Jose Carlos Norte
Modified 2006-10-24T00:00:00

Description

                                        
                                            `  
title: Simple Machines Forum (SMF) XSS issue  
author: Jose Carlos Norte  
discovered by: Jose Carlos Norte  
  
1. introduction  
  
Simple machines forum is a popular scalable free bulletin board system written in php over mysql database, the url of the project:  
  
http://www.simplemachines.org/  
  
2. XSS problem  
  
SMF is vulnerable to XSS attacks in search functions, in a string passed in base64 to search for re-fill the form search when we want to modify our search.  
  
example:  
  
index.php?action=search;params=bWF4YWdlfCd8Ij5YU1N8InxicmR8J3x8InxzaG93X2NvbXBsZXRlfCd8fCJ8c3ViamVjdF9vbmx5fCd8fCJ8c2VhcmNofCd8c3NzfCJ8c29ydF9kaXJ8J3xkZXNjfCJ8c29ydHwnfHJlbGV2YW5jZQ  
  
there are diferent fields vulnerable and a XSS successfull attack is posible, tested.  
  
Solution:  
  
i was unable to contact smf developer team.  
  
`