Advertisement:

Author Topic: Possible *major* SMF exploit in the wild, going back years!  (Read 57678 times)

fotisevangelou

  • Guest
Re: Possible *major* SMF exploit in the wild, going back years!
« Reply #20 on: October 16, 2007, 08:00:40 PM »
Having been mentioned in be_cool's list - http://forum.joomlaworks.gr -  I can confirm we were "victims" of such code injections as well, despite being on the latest 1.1.4 release.

We've applied some restrictions (like the ones mentioned here), but I know already that many SMF forums suffered from the same issue.

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,084
  • 戦場ヶ原、蕩れ!
    • srvrguy on GitHub
    • @motokochan on Twitter
    • Nekomusume Moe
Re: Possible *major* SMF exploit in the wild, going back years!
« Reply #21 on: October 16, 2007, 08:43:20 PM »
If you know this occurred while you were at 1.1.4, please file a security report.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


fotisevangelou

  • Guest
Re: Possible *major* SMF exploit in the wild, going back years!
« Reply #22 on: October 18, 2007, 05:20:18 AM »
I will, you're right.  ;)

Offline rthrash

  • Jr. Member
  • **
  • Posts: 128
Re: Possible *major* SMF exploit in the wild, going back years!
« Reply #23 on: December 15, 2007, 08:27:56 PM »
If you know this occurred while you were at 1.1.4, please file a security report.
Where do we file security reports? We were victims of this on a very busy forum ... likely starting yesterday. Upgraded shortly after it came out.

Offline SteveWh

  • Semi-Newbie
  • *
  • Posts: 15
  • Gender: Male

Offline rthrash

  • Jr. Member
  • **
  • Posts: 128
Re: Possible *major* SMF exploit in the wild, going back years!
« Reply #25 on: December 15, 2007, 10:42:11 PM »
Filed ... thanks.