Back to list
Simple Machines Forum (SMF) XSS issue
Oct 20 2006 02:30PM
josecarlos norte gmail com
title: Simple Machines Forum (SMF) XSS issue
author: Jose Carlos Norte
discovered by: Jose Carlos Norte
Simple machines forum is a popular scalable free bulletin board system written in php over mysql database, the url of the project:
2. XSS problem
SMF is vulnerable to XSS attacks in search functions, in a string passed in base64 to search for re-fill the form search when we want to modify our search.
there are diferent fields vulnerable and a XSS successfull attack is posible, tested.
i was unable to contact smf developer team.
[ reply ]
Copyright 2010, SecurityFocus