|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 75
Members: 0
Total: 75
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
guess what??? n00b question... |
|
Posted: Wed Dec 12, 2007 10:08 pm |
|
|
bigkat |
Beginner |
|
|
Joined: Dec 12, 2007 |
Posts: 4 |
|
|
|
|
|
|
|
is there any vulnerabilities to SMF that are proven to work...
been thru the forum all day... can really find anything...
thanks in advance... |
|
|
|
|
Posted: Wed Dec 12, 2007 10:15 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Wed Dec 12, 2007 10:25 pm |
|
|
bigkat |
Beginner |
|
|
Joined: Dec 12, 2007 |
Posts: 4 |
|
|
|
|
|
|
|
SMF 1.1.2
thanks for the reply...
Description:
rgod has discovered a weakness in Simple Machine Forum, which can be exploited by malicious people to disclose certain system information.
The weakness is caused to the application allowing users to use external files as avatars. This can be exploited to gather information (e.g. IP addresses, browser types) of other users, who view a forum post containing an external avatar image.
Successful exploitation requires that the user is allowed to specify external files as avatar.
The weakness has been confirmed in version 1.0.5. Other versions may also be affected.
Solution:
Configure the user group permissions to disallow the use of external avatars.
what would I use to do this... a script??? file??? another n00b??? |
|
|
|
|
|
|
|
|
Posted: Thu Dec 13, 2007 12:50 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Nop, this "weakness" is more like feature and is quite useless in case of SMF. |
|
|
|
|
Posted: Thu Dec 13, 2007 7:50 pm |
|
|
bigkat |
Beginner |
|
|
Joined: Dec 12, 2007 |
Posts: 4 |
|
|
|
|
|
|
|
is there any known vulnerabilities SMF 1.1.2??? |
|
|
|
|
Posted: Thu Dec 13, 2007 8:47 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
bigkat wrote: | is there any known vulnerabilities SMF 1.1.2??? |
http://milw0rm.com/exploits/4547
You need to be registered member to target and logged in, because exploit need your auth cookie. |
|
|
|
|
Posted: Thu Dec 13, 2007 9:07 pm |
|
|
bigkat |
Beginner |
|
|
Joined: Dec 12, 2007 |
Posts: 4 |
|
|
|
|
|
|
|
thanks waraxe... I will give it a try... |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|