Home page logo

bugtraq logo Bugtraq mailing list archives

Simple Machines Forum (SMF) XSS issue
From: josecarlos.norte () gmail com
Date: 20 Oct 2006 14:30:11 -0000

title: Simple Machines Forum (SMF) XSS issue
author: Jose Carlos Norte
discovered by: Jose Carlos Norte

1. introduction

Simple machines forum is a popular scalable free bulletin board system written in php over mysql database, the url of 
the project:


2. XSS problem

SMF is vulnerable to XSS attacks in search functions, in a string passed in base64 to search for re-fill the form 
search when we want to modify our search.



there are diferent fields vulnerable and a XSS successfull attack is posible, tested.


i was unable to contact smf developer team.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]