| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | Re: Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting |
| From: | sirdarckcat@gmail.com |
| Date: | 26 Jan 2007 04:53:42 -0000 |

Anyway, this vulnerability is not dangerous, because for sending a successful PM request, you need to match the "sid" variable, which is impossible to get unless you already have control of the session.

The correct patch must be added in the theme file "PersonalMessage.template.php" at the beginning of the code:

    $context["to"]=htmlentities($context["to"]);
    $context["bcc"]=htmlentities($context["bcc"]);

Greetz!!
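
The encoding step proposed in the message above, as an added PHP example that is not part of the original post and is not SMF code. The helper names `render_recipient_field()` and `encode_context()` are hypothetical, the sample values are constructed, and the placement of the value inside a double-quoted attribute is an assumption; the explicit `ENT_QUOTES` and `'UTF-8'` arguments go beyond the bare `htmlentities()` call in the post, because the default flags before PHP 8.1 leave single quotes unencoded.

```php
<?php
// Added illustration, not SMF code. $context mimics the array the post's patch touches.

// Hypothetical stand-in for the template's recipient input.
// Assumption: the value is emitted inside a double-quoted HTML attribute.
function render_recipient_field(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '" />';
}

// Hypothetical helper: encode the listed keys once, before the template prints them.
function encode_context(array $context, array $keys): array
{
    foreach ($keys as $key) {
        if (isset($context[$key])) {
            // ENT_QUOTES encodes both " and ', so the value cannot close the
            // attribute whichever quote style the template uses.
            $context[$key] = htmlentities((string) $context[$key], ENT_QUOTES, 'UTF-8');
        }
    }
    return $context;
}

// Constructed sample input: values that try to break out of the attribute.
$context = [
    'to'  => 'alice"><script>alert(1)</script>',
    'bcc' => "bob' onfocus='alert(2)",
];

echo "Without encoding (markup reaches the page as-is):\n";
echo render_recipient_field('to', $context['to']), "\n\n";

$safe = encode_context($context, ['to', 'bcc']);

echo "With encoding (value stays inside the attribute):\n";
echo render_recipient_field('to', $safe['to']), "\n";
echo render_recipient_field('bcc', $safe['bcc']), "\n";

// Regression check: no raw HTML metacharacter may survive in an encoded field.
foreach (['to', 'bcc'] as $key) {
    if (preg_match('/[<>"\']/', $safe[$key])) {
        throw new RuntimeException("unencoded metacharacter left in $key");
    }
}
```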