Re: SMF 1.1.7 Persistent XSS (requires permision to edit censor)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: SMF 1.1.7 Persistent XSS (requires permision to edit censor)
From: metallica48423@xxxxxxxxx
Date: Thu, 5 Feb 2009 02:57:11 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Thanks for your report.

However, while this can be used in a malicious way, this is an action which 
requires administrative access by default to even access.  That is, someone 
must physically give someone else access, or someone must gain access to this 
function to be able to pull off anything with it.

The functionality is intended to allow an administrative user to replace 
certain text with text, html, or imagery as necessary.

Given that an administrative user can install modification packages as well as 
edit the template and language files, version depending, all of which require 
adminsitrative access, I also do not feel this is a very likely attack vector.

I do acknowledge though that it could be misused, however.  But the truth 
remains that if someone gains unauthorized administrative access to SMF or, 
well, any site, then the potential for damage is great. 

Thanks again for your report, as I mentioned in the email.

metallica48423
Project Manager
Simple Machines Forum

Prev by Date: [SECURITY] [DSA 1717-1] New devil packages fix buffer overflow
Next by Date: Nokia N95-8 browser denial of service
Previous by thread: SMF 1.1.7 Persistent XSS (requires permision to edit censor)
Next by thread: Nokia Multimedia Player v1.1 .m3u Heap Overflow PoC exploit
Index(es):
- Date
- Thread