Recent security issue reported

Started by emanuele, May 16, 2013, 02:42:51 PM


emanuele

Recently an "exploit" has been reported, for example:
http://exploitsdownload.com/search/smf%202.0.4%20exploit/
http://packetstormsecurity.com/files/121391/SMF-2.0.4-PHP-Code-Injection.html

The core of the issue is in this comment:
// to successfully exploit smf 2.0.4 we need correct admin's cookie:
Is it something annoying? Yes.
Is it a security issue? No.

It is no more dangerous than any other piece of the admin panel that allows admins to change any (writable) file on the server.

If a security issue that requires a release is discovered, it may be worth fixing this unintended behaviour then; otherwise a fix will be provided in the next version of SMF.


Take a peek at what I'm doing! ;D

Need support in Italian?

Help us help you: explain your problem properly: no, "it doesn't work" is not an explanation!!
1) What you do,
2) what you expect,
3) what you get.

Arantor


Chalky


4Kstore



kat


emanuele

Quote from: Arantor on May 16, 2013, 02:45:13 PM
Thanks for the official heads-up ;)
I waited to see if someone else wanted to have their nick on a topic here, but since everybody around here is shy I had to... :P


Antes

Thanks for the info :)

Quick question: it's not possible in 2.1 because of tokens, right?

emanuele

Tokens have nothing to do with that.
In 2.1 it is still the same and should be fixed.


Arantor

I'm going to go out on a limb here and say: the tokens make precisely zero difference.

In fact, as I said elsewhere, I'm really not convinced tokens make any real difference at all.

OK, so the token prevents drive-by POSTs like this, sure. But all a hacker has to do is make two requests, not one, the first request to open the page in question (which gets them the token) and then submit that token straight back to carry out the actual malicious stuff.

It makes it *slightly* harder, the real protection is still the fact that you have to hijack an admin's session directly anyway.

I would love someone to show me what benefit tokens actually provide. (Especially since I can imagine mod authors not using them anyway.)
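The two cases Arantor contrasts, as an added example that is not part of the thread and is not SMF code: a constructed, in-memory model of an admin file-write action guarded by a session cookie and a per-session form token. The first case is the drive-by POST, where the victim's browser attaches the admin's cookie but the attacker's page cannot read the admin form and so has to guess the token; the second is the precondition from the advisory, where the attacker already holds the admin cookie and simply makes the two requests. Every name here (`login`, `render_admin_form`, `admin_action`, the `token` field, the payload bytes) is invented for the example.

```python
import hmac
import secrets

# Constructed in-memory session store for this example; not SMF's session code.
SESSIONS = {}  # session cookie -> {"is_admin": bool, "token": str | None}


def login(is_admin):
    """Issue a session cookie, as a login form would."""
    cookie = secrets.token_hex(16)
    SESSIONS[cookie] = {"is_admin": is_admin, "token": None}
    return cookie


def render_admin_form(cookie):
    """GET of the admin page: stores a fresh token in the session and embeds it
    in the returned HTML. Only a client that can *read* this response learns it;
    a cross-origin page that merely triggered the request cannot."""
    sess = SESSIONS.get(cookie)
    if sess is None or not sess["is_admin"]:
        return None
    sess["token"] = secrets.token_hex(16)
    return f'<input type="hidden" name="token" value="{sess["token"]}">'


def admin_action(cookie, token, payload, require_token=True):
    """POST handler for a file-writing admin action.

    require_token=False models the page with no token check (what the advisory
    exercises); True models the same page with the token check added."""
    sess = SESSIONS.get(cookie)
    if sess is None or not sess["is_admin"]:
        return "denied: no admin session"
    if require_token:
        expected = sess["token"] or ""
        if not expected or not hmac.compare_digest(expected, token or ""):
            return "denied: missing or wrong token"
        sess["token"] = None  # single use
    return f"ok: wrote {len(payload)} bytes"


def drive_by_post(admin_cookie, payload, require_token):
    """Cross-site attack: the admin's browser is made to POST to the forum.
    The browser attaches the admin's cookie automatically, but the attacker's
    page cannot read the admin form, so the best it can do is guess the token."""
    guessed = "0" * 32
    return admin_action(admin_cookie, guessed, payload, require_token)


def hijacked_session(admin_cookie, payload, require_token):
    """The two-request attack from the post: the attacker already holds the
    admin's cookie, fetches the form, reads the token out of the HTML and
    submits it straight back."""
    html = render_admin_form(admin_cookie)
    if html is None:
        return "denied: could not fetch the admin form"
    token = html.split('value="', 1)[1].split('"', 1)[0]
    return admin_action(admin_cookie, token, payload, require_token)


def run_demo():
    """Run each scenario with and without the token check; return the outcomes."""
    payload = b"<?php /* constructed payload for the example */ ?>"
    results = {}
    for require_token in (False, True):
        cookie = login(is_admin=True)
        render_admin_form(cookie)  # the admin has the page open in a tab
        results[("drive_by", require_token)] = drive_by_post(cookie, payload, require_token)
        cookie = login(is_admin=True)
        results[("hijacked", require_token)] = hijacked_session(cookie, payload, require_token)
    # A stolen cookie for a non-admin user gets nowhere, with or without tokens.
    results[("non_admin_hijacked", True)] = hijacked_session(login(is_admin=False), payload, True)
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(case, "->", outcome)
```

Running it shows the token check turning the drive-by from success into denial while changing nothing for whoever holds the admin cookie, which is the distinction the post draws: what the token buys is limited to the cross-origin case, where the attacker's page cannot read the response that carries it, and it is no substitute for keeping the admin session out of an attacker's hands in the first place.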
