XSS Vulnerabilities in Forum Software

Started by ShadeSpeed, April 10, 2015, 10:07:20 AM

ShadeSpeed

Hello,

I've found a rather serious XSS vulnerability in the forum software that is being used at totalminerforums dot net.

Please contact me for more details (as I figured it'd be wise not to post the vulnerability on here).

Thanks,

Dan.

E-mail removed to stop you from being targeted by spammers - Iris.

Suki

Hi there, would you like to fill out a security report?  http://www.simplemachines.org/about/smf/security.php  and we will gladly take a look at it.

Thanks.
Disclaimer: unless otherwise stated, all my posts are personal and do not represent any views or opinions held by Simple Machines.

ShadeSpeed

Thanks, I've just submitted a report.

Dan.

margarett

Thank you for the submission.

What you reported can't be done in a "vanilla" SMF install, so it's not really a vulnerability.
The owners of said forum chose to allow that possibility (through a MOD or custom coding), probably unaware of the consequences.

Since you are registered to said forum, I would suggest you contact one of the administrators in private and explain that to them.
If you're going to drive, don't drink. If you're going to drink... CALL ME!!!! :D

Quote: Over 90% of all computer problems can be traced back to the interface between the keyboard and the chair

ShadeSpeed

I have contacted the only administrator, and they referred me to here.

I will refer them to this topic.

Thanks,

Dan.
