Text only | Text with Images

Simple Machines Community Forum

General Community => Site Comments, Issues and Concerns => Topic started by: 04over on May 03, 2004, 09:21:19 AM

Title: UNKNOW !plz check your email box ,i have send you a bug report
Post by: 04over on May 03, 2004, 09:21:19 AM
about XSS vuln in SMF
Title: Re: UNKNOW !plz check your email box ,i have send you a bug report
Post by: Grudge on May 03, 2004, 09:31:29 AM
Would you mind sending it to me too - I am also a developer here.

Thanks.
Title: Re: UNKNOW !plz check your email box ,i have send you a bug report
Post by: Daniel D. on May 03, 2004, 11:32:56 AM
Post it in the Bug Board?
Title: Re: UNKNOW !plz check your email box ,i have send you a bug report
Post by: Grudge on May 03, 2004, 11:35:20 AM
What do you mean Daniel? This is the Bug Board!

Obviously if there is a vulnerbility we'd want it posted privately and not on the forum :)

I'm interested to see if this is a problem as all input to SMF is well checked for injections and the like so I'm not sure where the problem could lie - but never say never :D
Title: Re: UNKNOW !plz check your email box ,i have send you a bug report
Post by: [Unknown] on May 03, 2004, 04:46:50 PM
Well, yeah, I guess it is one but it's a "very scary" javascript one. (but you can't do hardly anything with it.)  I'd have to be trying to hack myself to let it happen to me, most people just aren't that stupid.

It doesn't matter though.  I've fixed it and it will be coming next release, but it's nothing to get worried over.

This is site bug reports.  But, post any exploit big or small and I will ban you for a few days at the very least.

-[Unknown]
Text only | Text with Images