[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3

To: mohammed sa <sa.attacker@xxxxxxxxx>
Subject: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3
From: WHK Yan <yan.uniko.102@xxxxxxxxx>
Date: Thu, 10 Jan 2013 09:12:21 -0300

I am WHK, along with sdc simpleaudit did, I'm part of the staff of
simplemachines.
http://foro.elhacker.net/nivel_web/auditoria_de_seguridad_hacia_simple_machines_forum_20-t271199.0.html

security flaw that was never repaired, no CVE-ID, no one remembered, but the
fault is still.
The failure affected the RC version, this affects the stable version.

2013/1/8 mohammed sa <sa.attacker@xxxxxxxxx>

> Hi
>
> this p0c old from 2009
> http://www.exploit-db.com/exploits/10274
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3
  - From: mohammed sa

Prev by Date: [Full-disclosure] OrangeHRM 2.7.1 Vacancy Name Persistent XSS
Next by Date: [Full-disclosure] how to sell and get a fair price
Previous by thread: Re: [Full-disclosure] File Disclosure in SimpleMachines Forum <= 2.0.3
Next by thread: [Full-disclosure] Arbitrary File Upload and Code Execution in Accusoft Prizm Content Connect
Index(es):
- Date
- Thread