Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

SMF-xss.txt

🗓️ 24 Oct 2006 00:00:00Reported by Jose Carlos NorteType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 25 Views

Simple Machines Forum (SMF) XSS issue. SMF is vulnerable to XSS attacks in search functions, in a string passed in base64 to search for re-fill the form search when modifying the search

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`  
title: Simple Machines Forum (SMF) XSS issue  
author: Jose Carlos Norte  
discovered by: Jose Carlos Norte  
  
1. introduction  
  
Simple machines forum is a popular scalable free bulletin board system written in php over mysql database, the url of the project:  
  
http://www.simplemachines.org/  
  
2. XSS problem  
  
SMF is vulnerable to XSS attacks in search functions, in a string passed in base64 to search for re-fill the form search when we want to modify our search.  
  
example:  
  
index.php?action=search;params=bWF4YWdlfCd8Ij5YU1N8InxicmR8J3x8InxzaG93X2NvbXBsZXRlfCd8fCJ8c3ViamVjdF9vbmx5fCd8fCJ8c2VhcmNofCd8c3NzfCJ8c29ydF9kaXJ8J3xkZXNjfCJ8c29ydHwnfHJlbGV2YW5jZQ  
  
there are diferent fields vulnerable and a XSS successfull attack is posible, tested.  
  
Solution:  
  
i was unable to contact smf developer team.  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
24 Oct 2006 00:00Current
7.4High risk
Vulners AI Score7.4
smfxsssearch functionsbase64formmodification
25
.json
Report