UNKNOW !plz check your email box ,i have send you a bug report

04over · May 03, 2004, 09:21:19 AM

about XSS vuln in SMF

Grudge · May 03, 2004, 09:31:29 AM

Would you mind sending it to me too - I am also a developer here.

Thanks.

Daniel D. · May 03, 2004, 11:32:56 AM

Post it in the Bug Board?

Grudge · May 03, 2004, 11:35:20 AM

What do you mean Daniel? This is the Bug Board!

Obviously if there is a vulnerbility we'd want it posted privately and not on the forum

I'm interested to see if this is a problem as all input to SMF is well checked for injections and the like so I'm not sure where the problem could lie - but never say never

[Unknown] · May 03, 2004, 04:46:50 PM

Well, yeah, I guess it is one but it's a "very scary" javascript one. (but you can't do hardly anything with it.) I'd have to be trying to hack myself to let it happen to me, most people just aren't that stupid.

It doesn't matter though. I've fixed it and it will be coming next release, but it's nothing to get worried over.

This is site bug reports. But, post any exploit big or small and I will ban you for a few days at the very least.

-[Unknown]

News:

UNKNOW !plz check your email box ,i have send you a bug report

04over

Grudge

Daniel D.

Grudge

[Unknown]