SMF All Version (Server Setting) Stored XSS Vulnerability

2012-12-18 16:08:31
Inviato da: irist.ir

# Exploit Title: SMF All Version (Server Setting) Stored XSS Vulnerability
# Exploit Author: Am!r
# Homepage: http://irist.ir/forum
# Software Link: http://www.simplemachines.org/
# Security Risk : High
# Version: All Version
# Tested on: Linux

##############################################################
Stored XSS-Instructions
1.Install Smf And Login Admin User
2.Go to Admin >> Configuration >> Server Settings >>
3.Insert Your Xss Script In Forum Title Or Message for display And Save New Forum .ex. "><script>alert("Www.IrIsT.Ir")</script>
4.Visit your Forum

See Image :
http://uploadtak.com/images/s5_IrIsTBug.jpg
##############################################################

# Greats : B3HZ4D - Mikili - Dead.Zone - C0dex - TaK.FaNaR - BestC0d3r - Beni_Vanda - one hacker alone
# 0x0ptim0us - m3hdi - F@rid - dr.tofan - skote_vahshat - Mr.Xpr - M.R.S.CO - Mr.Cicili - Dj.TiniVini
# H-SK33PY - Immortal Boy - Noter - & All Members In Www.IrIsT.Ir/forum & Www.Datacoders.Org

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.