We are one reason for SMF 1.1.9 xD
Posted on 10:37 by Xianur0
Well folks... I was browsing around the internet and came across this:
http://www.simplemachines.org/community/index.php?topic=312445.0
Look:
In connection with SMF-based forum sites frequently being hacked or attacked lately... update/upgrade immediately.
Security issue info:
Simple Machines Forum "packages.xml" Cross-Site Scripting
Quote
Description:
Xianur0 has discovered a vulnerability in Simple Machines Forum, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input read from the "text" and "description" elements in a "packages.xml" file (e.g. when "action" is set to "packageget", "sa" is set to "browse", and "absolute" is set to the web address serving the malicious "packages.xml" file) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrative user's browser session in the context of an affected site.
This vulnerability is confirmed in version 1.1.7 and 1.1.8. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly sanitised.
Provided and/or discovered by:
Xianur0
Changelog:
2009-02-05: Updated "Description" section with additional version information.
http://secunia.com/advisories/33670/
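The fix the advisory asks for, shown as an added example (not code from SMF or from the original post): every string taken from a remote "packages.xml" is HTML-encoded before it reaches the admin's browser. Only the element names "text" and "description" come from the advisory; the surrounding XML layout, the sample values and the function names `escape_remote` and `render_package_list` are constructed for illustration.

```php
<?php
// Constructed sample of a remote packages.xml. Only the element names
// "text" and "description" are taken from the advisory; the layout is assumed.
$remoteXml = <<<'XML'
<package-list>
  <section>
    <text><![CDATA[Featured mods <img src=x onerror=alert(1)>]]></text>
    <modification>
      <name>Example Mod</name>
      <description><![CDATA[<script>alert(1)</script>]]></description>
    </modification>
  </section>
</package-list>
XML;

// Hypothetical helper: encode a remote string for an HTML element context.
function escape_remote(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer for the package browse page.
function render_package_list(string $xml): string
{
    libxml_use_internal_errors(true); // collect parse errors instead of printing them
    // LIBXML_NONET: no network access while parsing; LIBXML_NOCDATA: CDATA becomes text.
    $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET | LIBXML_NOCDATA);
    if ($doc === false) {
        return "<p>Package list could not be parsed.</p>\n";
    }

    $html = '';
    // Free-text blocks supplied by the remote server.
    foreach ($doc->xpath('//text') as $node) {
        $html .= '<p>' . escape_remote((string) $node) . "</p>\n";
    }
    // Per-package name and description, also remote-controlled.
    foreach ($doc->xpath('//modification') as $mod) {
        $html .= '<dt>' . escape_remote((string) $mod->name) . '</dt>'
               . '<dd>' . escape_remote((string) $mod->description) . "</dd>\n";
    }
    return $html;
}

// The markup in the sample is emitted as inert text (&lt;script&gt;...), not as tags.
echo render_package_list($remoteXml);
```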
3 comments:
Wow, it sure is true bro, although I think I read somewhere that version 1.1.9 is still vulnerable
Sending you my regards.
1.1.9 still has a lot of bugs, hehe
Hahaha, very well done Xianur0 !!!