TUCoPS :: Web BBS :: etc :: b06-4386.htm

Simple Machines Forum <=1.1RC2 unset() vulnerabilities
Simple Machines Forum <=1.1RC2 unset() vulnerabilities
Simple Machines Forum <=1.1RC2 unset() vulnerabilities



---------Simple Machines Forum <=1.1RC2 unset() vulnerabilities-----------------=0D
--------------------------------------------------------------------------------=0D
=0D
software site: http://www.simplemachines.org/=0D 
=0D
the recently discovered Zend_Hash_Del_Key_Or_Index PHP vulnerability allows=0D
users to include arbitrary files from local resources (on Windows boxes)=0D
and to lock topics, poc for both:=0D
=0D
http://retrogod.altervista.org/smf_11rc2_local_incl.html=0D 
http://retrogod.altervista.org/smf_11rc2_lock.html=0D 
=0D
an interesting reading:=0D
http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html=0D 
=0D
SMF team released 1.0.8 and 1.1.rc3 versions to patch theese issues=0D
--------------------------------------------------------------------------------=0D
rgod=0D
=0D
site: http://retrogod.altervista.org=0D 
mail: rgod at autistici.org=0D
--------------------------------------------------------------------------------

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH