Re: Simple Machine Forum - Private section/posts/info disclosure



This is the second SMF vulnerability announced in recent weeks that appears 
to be caused by administrative misconfiguration rather than an error in SMF. I 
have tested this on a default SMF 1.1.4 test environment and it did not work 
for me. 

Given the fact that previous messages from h3llcode or others in your 
blackroots.it group make mention of the use of .htaccess for controlling access 
to sensitive areas, it seems likely that h3llcode has opened permissions to 
allow escalated privileges to others and is then attempting to control those 
privileges using .htaccess files. Either that or h3llcode is testing the 
advanced search from an account enabled with escalated privileges already.

h3llcode, please create a default SMF 1.1.4 test environment and report back on 
your findings. If it can be duplicated in a properly configured SMF forum, I'm 
very interested in knowing about it.

Thank you,
Kevin Lynn, CISSP