We are one reason for SMF 1.1.9 xD

Posted on 10:37 by Xianur0

Well folks... I was browsing around the internet and came across this:

http://www.simplemachines.org/community/index.php?topic=312445.0

Look:

With SMF-based forum sites frequently being hacked or attacked lately... update/upgrade right away.

Security issue info:
Simple Machines Forum "packages.xml" Cross-Site Scripting

Quote:
Description:
Xianur0 has discovered a vulnerability in Simple Machines Forum, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input read from the "text" and "description" elements in a "packages.xml" file (e.g. when "action" is set to "packageget", "sa" is set to "browse", and "absolute" is set to the web address serving the malicious "packages.xml" file) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrative user's browser session in the context of an affected site.

This vulnerability is confirmed in version 1.1.7 and 1.1.8. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Xianur0

Changelog:
2009-02-05: Updated "Description" section with additional version information.

http://secunia.com/advisories/33670/
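
The fix the advisory asks for ("ensure that input is properly sanitised"), as an added example that is not part of the original post and is not SMF's own code. Only the "text" and "description" element names come from the advisory; the package-list/section/modification layout, the function names and the sample XML are assumptions constructed for illustration.

```php
<?php
// Added example, not SMF code. Only the "text" and "description" element
// names come from the advisory; the rest of the layout is assumed.

// Escape a value for HTML element or attribute context.
function esc($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render a remote package list, treating every field as untrusted text.
function render_package_list(string $xml): string
{
    $previous = libxml_use_internal_errors(true);
    // LIBXML_NONET: do not fetch anything over the network while parsing.
    $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if ($doc === false) {
        return "<p>Package list could not be parsed.</p>\n";
    }

    $html = '';
    foreach ($doc->section as $section) {
        $html .= '<h3>' . esc($section->title) . "</h3>\n";
        // The XML parser has already decoded &lt; into <, so the value is
        // raw markup again here and must be escaped before output.
        foreach ($section->text as $text) {
            $html .= '<p>' . esc($text) . "</p>\n";
        }
        foreach ($section->modification as $mod) {
            $html .= '<dt>' . esc($mod->name) . '</dt><dd>'
                . esc($mod->description) . "</dd>\n";
        }
    }
    return $html;
}

// Constructed sample of a hostile package list (not taken from the advisory).
$sample = <<<'XML'
<?xml version="1.0"?>
<package-list>
  <section>
    <title>Mods</title>
    <text>Hello &lt;img src=x onerror=alert(1)&gt;</text>
    <modification>
      <name>Example mod</name>
      <description>&lt;script&gt;alert(1)&lt;/script&gt;</description>
    </modification>
  </section>
</package-list>
XML;

echo render_package_list($sample);
```

With the escaping in place, the markup carried in the "text" and "description" elements reaches the admin's browser as visible text instead of being interpreted as HTML.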

3 comments:

z1z30f said...

Wow, that's really true bro, although I think I read somewhere that version 1.1.9 is still vulnerable

Sending you my regards.

Xianur0 said...

1.1.9 still has a lot of bugs hehe

Guason said...

hahaha Very well done Xianur0!!!