Simple Machines Forum (SMF) XSS issue

title: Simple Machines Forum (SMF) XSS issue
author: Jose Carlos Norte
discovered by: Jose Carlos Norte

1. introduction

Simple Machines Forum is a popular, scalable, free bulletin board system written in PHP on top of a MySQL database. The URL of the project: 

2. XSS problem

SMF is vulnerable to XSS attacks in its search functions. The flaw is in a string passed in base64 to the search, which is used to re-fill the search form when we want to modify our search.



Different fields are vulnerable, and a successful XSS attack is possible (tested).
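
The form re-fill described above, as an added example that is not SMF's code and not part of the original advisory: base64 text contains only letters, digits, "+", "/" and "=", so a check on the raw request never sees markup, and the escaping has to happen after decoding, at output time. The parameter format (base64 of a URL-encoded field list), the field name "search" and all function names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical search-form re-fill, not SMF's actual code.
// Assumed format: the parameter is base64 of a URL-encoded field list.

/** Decode the base64 blob into an array of field name => string value. */
function decode_search_params(string $blob): array
{
    $raw = base64_decode($blob, true);   // strict mode: reject non-base64 input
    if ($raw === false) {
        return [];
    }
    parse_str($raw, $fields);
    // Keep plain string values only; nested arrays are dropped.
    return array_filter($fields, 'is_string');
}

/** BEFORE: the decoded value is written into the attribute as-is. */
function render_field_vulnerable(string $name, array $fields): string
{
    $value = $fields[$name] ?? '';
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

/** AFTER: the decoded value is HTML-escaped when it is written out. */
function render_field_hardened(string $name, array $fields): string
{
    $value = htmlspecialchars($fields[$name] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Constructed sample: a harmless value containing a quote and a tag, which is
// enough to show whether the value can leave the value="" attribute.
$blob   = base64_encode(http_build_query(['search' => 'x"><b>marker</b>']));
$fields = decode_search_params($blob);

// $name is a fixed literal chosen by the caller, never request data.
echo render_field_vulnerable('search', $fields), "\n"; // tag ends up in the page
echo render_field_hardened('search', $fields), "\n";   // value stays inside the attribute
```

Every field that is re-filled from the decoded string needs the same output escaping, since the advisory reports more than one vulnerable field.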


I was unable to contact the SMF developer team.
