We are one of the reasons for SMF 1.1.9 xD

Posted on 10:37 by Xianur0

Well folks... I was browsing around the internet and came across this:


Regarding the frequent hacking of or attacks on SMF-based forum sites lately... update/upgrade immediately.

Security issue info:
Simple Machines Forum "packages.xml" Cross-Site Scripting

Xianur0 has discovered a vulnerability in Simple Machines Forum, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input read from the "text" and "description" elements in a "packages.xml" file (e.g. when "action" is set to "packageget", "sa" is set to "browse", and "absolute" is set to the web address serving the malicious "packages.xml" file) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrative user's browser session in the context of an affected site.

This vulnerability is confirmed in version 1.1.7 and 1.1.8. Other versions may also be affected.

Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:

2009-02-05: Updated "Description" section with additional version information.
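The "properly sanitised" fix the advisory asks for, sketched as an added example (this is not SMF's code or its actual patch): escape the "text" and "description" values at output time, because the XML parser decodes entities and CDATA back into live markup. The XML layout, the sample values and the function names `esc` and `render_package_list` are constructed for illustration; only the two element names come from the advisory.

```php
<?php
// Constructed sample of a remote package list. Only the element names
// "text" and "description" are taken from the advisory; the rest is made up.
$remoteXml = <<<'XML'
<?xml version="1.0"?>
<package-list>
  <section>
    <text>Mods &lt;b&gt;list&lt;/b&gt;</text>
    <modification>
      <description><![CDATA[Nice mod <script>alert(1)</script>]]></description>
    </modification>
  </section>
</package-list>
XML;

// Hypothetical helper: HTML-escape a value for element or attribute context.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer: every remote string is treated as untrusted text.
function render_package_list(string $xml): string
{
    libxml_use_internal_errors(true);   // collect parse errors, do not print them
    $doc = new DOMDocument();
    // LIBXML_NONET: the parser must not fetch anything over the network.
    if ($xml === '' || !$doc->loadXML($xml, LIBXML_NONET)) {
        return "<p>Package list could not be parsed.</p>\n";
    }
    $out = '';
    foreach (['text', 'description'] as $tag) {
        foreach ($doc->getElementsByTagName($tag) as $node) {
            // textContent is already entity-decoded ("&lt;b&gt;" became "<b>"),
            // so escaping has to happen here, at the point of output.
            $out .= '<p class="' . $tag . '">' . esc($node->textContent) . "</p>\n";
        }
    }
    return $out;
}

echo render_package_list($remoteXml);
```

Both sample values come out as inert text: the entity-encoded `<b>` and the CDATA-wrapped `<script>` are re-encoded instead of reaching the administrator's browser as markup.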
