Dear bugtraq@xxxxxxxxxxxxxxxxx,
ShAnKaR <shankar at shankar.name> reported vulnerabilities in Simple
Machines Forum 1.1.2 (aka SMF) http://www.simplemachines.org/
Original advisory (in Russian):
http://securityvulns.ru/Rdocument271.html
1. Weak sound-based CAPTCHA protection
In this engine, the sound CAPTCHA used to protect against automated
registration is implemented as a WAV file generated by concatenating a
few different sound files. The developers randomize the WAV file, but
this randomization is insufficient and can be bypassed by
brute-forcing with known sound templates.
[blah@localhost smfh]$ ./captcha.pl http://localhost/smf/
nnrbv
created in 1.41827201843262 seconds
[andrey@localhost smfh]$ ./captcha.pl http://localhost/smf/
vpubu
created in 1.49515509605408 seconds
[andrey@localhost smfh]$ ./captcha.pl http://localhost/smf/
ntfhh
created in 2.31928586959839 seconds
[andrey@localhost smfh]$ ./captcha.pl http://localhost/smf/
egudz
created in 0.823321104049683 seconds
As can be seen, the brute-force usually takes only 1-2 seconds. See
the attached script.
2. PHP injection
It is possible to execute arbitrary PHP code during the creation or
editing of a forum message.
(No further details are given by the advisory author.)
--
http://securityvulns.com/
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
Attachment: capcha.pl
Description: Binary data