Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14766
HistoryOct 21, 2006 - 12:00 a.m.

Simple Machines Forum (SMF) XSS issue

2006-10-2100:00:00
vulners.com
83

title: Simple Machines Forum (SMF) XSS issue
author: Jose Carlos Norte
discovered by: Jose Carlos Norte

  1. introduction

Simple machines forum is a popular scalable free bulletin board system written in php over mysql database, the url of the project:

http://www.simplemachines.org/

  1. XSS problem

SMF is vulnerable to XSS attacks in search functions, in a string passed in base64 to search for re-fill the form search when we want to modify our search.

example:

index.php?action=search;params=bWF4YWdlfCd8Ij5YU1N8InxicmR8J3x8InxzaG93X
2NvbXBsZXRlfCd8fCJ8c3ViamVjdF9vbmx5fCd8fCJ8c2VhcmNofCd8c3NzfCJ8c29ydF9ka
XJ8J3xkZXNjfCJ8c29ydHwnfHJlbGV2YW5jZQ

there are diferent fields vulnerable and a XSS successfull attack is posible, tested.

Solution:

i was unable to contact smf developer team.