This is the first batch of vulnerabilities found by the SimpleAudit team from elhacker.net
http://labs.elhacker.net/simpleaudit
Our goal is to evaluate the security of SMF 2.0 before using it on our own server, and we have found several security vulnerabilities.
The vulnerabilities that also apply to SMF 1.1.10 were fixed by the SMF team today in SMF 1.1.11; visit simplemachines.org for details.
You can review the list of published vulnerabilities at:
http://code.google.com/p/smf2-review/issues/list
Type | Summary | Affects | Reporter
---- | ------- | ------- | --------
CSRF, RCE | PHP Remote Code Execution | SMF2 | www.kernel32
CSRF | CSRF theme change | SMF2, SMF1 | www.kernel32
CSRF | Subforum Category Collapse CSRF | SMF2, SMF1 | www.kernel32
CSRF | CSRF in the package server manager | SMF2, SMF1 | www.kernel32
XSS | XSS in package server manager | SMF2, SMF1 | www.kernel32
CSRF | CSRF package deletion and installed package disclosure | SMF2 | www.kernel32
CSRF, XSS | Attached files configuration CSRF | SMF2 | www.kernel32
XSS | XSS in "Enable basic HTML in posts" | SMF2 | sirdarckcat
RFD | Remote File Disclosure (only in logs and similar) | SMF2 | sirdarckcat
CSRF | CSRF in Moderation Preferences | SMF2 | sirdarckcat
XSS | XSS in the word censor | SMF2, SMF1 | sirdarckcat
CSRF | CSRF in Polls | SMF2, SMF1 | sirdarckcat
XSS | installer XSS | SMF2 | brlvldvlsmrtnz
XSS | XSS in the installer (install.php) | SMF2 | cicatriz.r00t
CSRF | CSRF in the message rule manager | SMF2 | cicatriz.r00t
XSS | XSS in smileys manager | SMF2 | cicatriz.r00t
XSS | Error log XSS | SMF2 | www.kernel32
CSRF | Arbitrary package deinstallation CSRF | SMF2 | www.kernel32
XSS | User search XSS | SMF2 | www.kernel32
XSS | language manager CSRF+XSS | SMF2 | cicatriz.r00t
XSS | XSS in forum name | SMF2 | ysk.sft
XSS | XSS in logo | SMF2 | cicatriz.r00t
CSRF, XSS | CSRF in the posts settings | SMF2 | brlvldvlsmrtnz
XSS | Language search XSS | SMF2 | brlvldvlsmrtnz
XSS | XSS in theme name of themes and layout settings | SMF2 | brlvldvlsmrtnz
XSS | XSS in member options with theme name | SMF2 | brlvldvlsmrtnz
XSS | XSS in theme url and settings | SMF2 | brlvldvlsmrtnz
XSS | XSS in modify themes with theme names | SMF2 | brlvldvlsmrtnz
XSS, CSRF | XSS in package manager / options | SMF2 | cicatriz.r00t
CSRF | CSRF allows granting normal users permission to modify forum permissions | SMF2 | ysk.sft
CSRF | CSRF join 2 topics | SMF2 | ysk.sft
CSRF | CSRF allows deleting a poll | SMF2 | ysk.sft
CSRF | CSRF allows elevating normal users' privileges to modify the smileys | SMF2 | ysk.sft
DoS | RSS DoS | SMF2, SMF1 | www.kernel32
CSRF | Session token stealing | SMF2, SMF1 | www.kernel32
---- | ReDoS in htmltrim | SMF2 | sirdarckcat
DoS | Forum access DoS | SMF2 | sirdarckcat
XSS | XSS in file upload | SMF2 | ysk.sft
CSRF | Message rule CSRF | SMF2 | brlvldvlsmrtnz
CSRF | Steal session token | SMF2, SMF1 | www.kernel32