It’s quite a common scenario when criminals try to hijack or buy developer accounts of legitimate applications, or pay their developers to add some malicious code into their software, so some benign plugin or application may turn bad after an update — the only thing that protects you is the author reputation and the security screening and approval process in the repository.
In fact, Donut JS is already used on more websites than jQuery, Prototype JS, MooTools, YUI, and Google Web Toolkit – combined.
Pal, Thank you very much for informative articles (this & this one: http://scforum.info/index.php/topic,11292.0.html ) about WordPress. Please, keep us informed about "Simple Machines" as well: https://en.wikipedia.org/wiki/Simple_Machines_Forum , "our" software platform. cya around,S.
Simple Machines Forum Multiple Security Vulnerabilities

EDB-ID: 10274
CVE: 2009-5068...
OSVDB-ID: 86444
EDB Verified:
Author: SimpleAudit Team
Published: 2009-12-02
Vulnerable App: N/A

Simple Machines Forum is prone to multiple security vulnerabilities:

- A remote PHP code-execution vulnerability
- Multiple cross-site scripting vulnerabilities
- Multiple cross-site request-forgery vulnerabilities
- An information-disclosure vulnerability
- Multiple denial-of-service vulnerabilities

Attackers can exploit these issues to execute arbitrary script code within the context of the webserver, perform unauthorized actions on behalf of legitimate users, compromise the affected application, steal cookie-based authentication credentials, obtain information that could aid in further attacks or cause denial-of-service conditions.

Please note some of these issues may already be described in other BIDs. This BID will be updated if further analysis confirms this.

These issues affect Simple Machines Forum 2.0 RC2. Some of these issues also affect version 1.1.10.

Bugtraq ID: 37182
Class: Unknown
CVE:
Remote: Yes
Local: No
Published: Dec 02 2009 12:00AM
Updated: Dec 02 2009 12:00AM
Credit: SimpleAudit team from elhacker.net
Vulnerable: Simple Machines Simple Machines Forum 1.1.10
Simple Machines Simple Machines Forum 2.0 RC2

An attacker can use a browser to exploit these issues. To exploit the cross-site scripting and cross-site request-forgery vulnerabilities, the attacker must entice an unsuspecting victim into following a malicious URI.
The following example URIs are available:

For information-disclosure issue:
http://server/index.php?action=admin;area=logs;sa=errorlog;file=L2V0Yy9wYXNzd2Q==

For denial-of-service issue:
GET /.xml.html;sa=news;limit=999;type=rss HTTP/1.1

For denial-of-service issue (cookie):
Cookie: GLOBALS

For cross-site scripting issues:
http://server/index.php?action=admin;area=languages;sa=add;[token]
PoC: "><xss>

http://server/index.php?action=admin;area=theme;sa=settings;th=2;[token]
PoC: http://urlreal"><script>alert(1);</script>
---Here you have one that you probably already know about because it is from 2009. But if you don't! ---
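A log-triage check for the information-disclosure URI quoted in the advisory above, as an added example that is not part of the original post or the advisory: it decodes the Base64 `file=` argument of `sa=errorlog` requests and reports values that resolve outside the forum directory. `FORUM_ROOT`, the function names and the sample log lines are assumptions constructed for illustration.

```python
import base64
import posixpath
import re
from urllib.parse import unquote

FORUM_ROOT = "/var/www/forum"  # assumption: install directory of the forum

# Request line of a common/combined-format access log; group 1 is the query string.
REQUEST_RE = re.compile(r'"(?:GET|POST) \S*?\?(\S*) HTTP/')

def decode_file_arg(value):
    """Base64-decode a file= value, tolerating missing or surplus '=' padding."""
    core = unquote(value).rstrip("=")
    try:
        raw = base64.b64decode(core + "=" * (-len(core) % 4), validate=True)
        return raw.decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def suspicious_errorlog_requests(lines, root=FORUM_ROOT):
    """Return (line, decoded_path) for sa=errorlog requests whose file= leaves root."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        # The advisory's URIs separate arguments with ';'; '&' is accepted as well.
        args = dict(p.partition("=")[::2] for p in re.split(r"[;&]", m.group(1)))
        if args.get("sa") != "errorlog" or "file" not in args:
            continue
        path = decode_file_arg(args["file"])
        if path is None:
            hits.append((line, None))  # undecodable value: keep for manual review
            continue
        resolved = posixpath.normpath(posixpath.join(root, path))
        if resolved != root and not resolved.startswith(root + "/"):
            hits.append((line, path))
    return hits

def log_line(ip, query):
    # Builds one constructed access-log line (sample data, not from a real server).
    return f'{ip} - - [02/Dec/2009:12:00:00 +0000] "GET /index.php?{query} HTTP/1.1" 200 512'

INSIDE = base64.b64encode(b"/var/www/forum/Sources/Load.php").decode()
SAMPLE_LOG = [
    log_line("203.0.113.5", "action=admin;area=logs;sa=errorlog;file=L2V0Yy9wYXNzd2Q=="),
    log_line("203.0.113.9", "action=admin;area=logs;sa=errorlog;file=" + INSIDE),
    log_line("203.0.113.9", "topic=11292.0"),
]
```

Calling `suspicious_errorlog_requests(SAMPLE_LOG)` returns only the first sample line, paired with the decoded path.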