Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: SMF "index.php?action=pm" Cross Site-Scripting
From: grudge () simplemachines org
Date: 2 Feb 2007 12:16:11 -0000
We intend to release a patch for this and a few other reported bugs within the next day or two (We need to complete 
testing on it).

Note that this is an extremely difficult exploit to achieve. It requires a user to follow a link posted by someone else 
to "Send a PM" with some HTML entities within the query string and then (I believe) to hit submit at least once. I 
would hope that the chances of anyone falling for such a exploit would be extremely low indeed!

  By Date           By Thread  

Current thread:
  • Re: SMF "index.php?action=pm" Cross Site-Scripting grudge (Feb 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]