simple-xss.txt

2008-01-10T00:00:00
ID PACKETSTORM:62477
Type packetstorm
Reporter DoZ
Modified 2008-01-10T00:00:00

Description

                                        
` [HSC] Simple Machines Forum Cross-Site Scripting Vulnerabilities  
  
  
Simple Machines Forum is vulnerable to cross-site scripting. By exploiting  
this vulnerability, attackers will be able to obtain detailed information.  
This may help the attacker steal cookie-based authentication credentials and  
launch other attacks.  
  
  
  
Hackers Center Security Group (http://www.hackerscenter.com)  
Credit: Doz  
  
  
Remote: YES  
Class: Improper Validation.  
  
  
Version: 1.1.4 & Previous!  
Vendor: http://www.simplemachines.org  
  
  
  
  
  
  
* Attackers can exploit these issues via a web client.  
  
  
  
Site.com/component/option,com_smf/Itemid,8'XSS,1/topic,1.0/  
  
Site.com/component/option,com_smf/Itemid,5/topic,1.XSS/  
  
  
  
Solution: Upgrade to SMF 2.0 1.x when the vendor releases it to the public.  
  
  
Reference: http://www.hackerscenter.com/archive/view.asp?id=28147  
`
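
Added example (not part of the original advisory or of SMF's code): a request-path check that parses the comma-separated `key,value` segments shown in the two URL patterns above and reports which com_smf parameters carry a value outside a strict allow-list, for use in log review or as a pre-filter. The value grammar (integer `Itemid`, `<int>.<int>` `topic`) is an assumption inferred from the advisory's sample URLs, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote, urlsplit

# Allow-list inferred from the advisory's sample URLs (an assumption, not
# SMF's documented grammar): Itemid is an integer, topic is "<int>.<int>".
EXPECTED = {
    "Itemid": re.compile(r"[0-9]+"),
    "topic": re.compile(r"[0-9]+\.[0-9]+"),
}


def parse_sef_path(path):
    """Split a 'key,value/key,value/' path into {key: [values]}."""
    params = {}
    # Split on "/" before percent-decoding so an encoded slash stays inside
    # the value it belongs to instead of hiding the tail in a new segment.
    for raw in urlsplit(path).path.split("/"):
        key, sep, value = unquote(raw).partition(",")
        if sep:
            params.setdefault(key, []).append(value)
    return params


def invalid_params(path):
    """Names of com_smf parameters with any value outside the allow-list."""
    params = parse_sef_path(path)
    if "com_smf" not in params.get("option", []):
        return []
    return sorted(
        name for name, pattern in EXPECTED.items()
        if any(not pattern.fullmatch(v) for v in params.get(name, []))
    )


# Constructed request paths; the first two follow the advisory's patterns.
SAMPLE_PATHS = [
    "/component/option,com_smf/Itemid,8'XSS,1/topic,1.0/",
    "/component/option,com_smf/Itemid,5/topic,1.XSS/",
    "/component/option,com_smf/Itemid,5/topic,1.0/",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(p, "->", invalid_params(p) or "ok")
```

Repeated keys are all checked, so a well-formed duplicate segment cannot mask a malformed one.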