This is the first batch of vulnerabilities found by the SimpleAudit team from elhacker.net http://labs.elhacker.net/simpleaudit Our goal is to evaluate the security of SMF 2.0 before using it on our own server, and we have found several security vulnerabilities. The vulnerabilities that also apply to SMF 1.1.10 were fixed by the SMF team today, on SMF 1.1.11 visit simplemachines.org for details. You can review the list of the published vulnerabilities in: http://code.google.com/p/smf2-review/issues/list CSRF, RCE PHP Remote Code Execution SMF2 www.kernel32 CSRF CSRF theme change SMF2, SMF1 www.kernel32 CSRF Subforum Category Collapse CSRF SMF2, SMF1 www.kernel32 CSRF CSRF en el gestor de servidores de paquetes SMF2, SMF1 www.kernel32 XSS XSS in package server manager SMF2, SMF1 www.kernel32 CSRF CSRF package deletion and installed package disclosure SMF2 www.kernel32 CSRF, XSS Attached files configuration CSRF SMF2 www.kernel32 XSS XSS in "Enable basic HTML in posts" SMF2 sirdarckcat RFD Remote File Disclosure (solo en logs, y similares) SMF2 sirdarckcat CSRF CSRF en Moderation Preferences SMF2 sirdarckcat XSS XSS en el censurador de palabras SMF2, SMF1 sirdarckcat CSRF CSRF in Polls SMF2, SMF1 sirdarckcat XSS installer XSS SMF2 brlvldvlsmrtnz XSS XSS in the installer (install.php) SMF2 cicatriz.r00t CSRF CSRF in the message rule manager SMF2 cicatriz.r00t XSS XSS in smileys manager SMF2 cicatriz.r00t XSS Error log XSS SMF2 www.kernel32 CSRF Arbitrary package deinstalation CSRF SMF2 www.kernel32 XSS User search XSS SMF2 www.kernel32 XSS language manager CSRF+XSS SMF2 cicatriz.r00t XSS XSS in forum name SMF2 ysk.sft XSS XSS in logo. SMF2 cicatriz.r00t CSRF, XSS CSRF in the posts settings SMF2 brlvldvlsmrtnz XSS Language search XSS SMF2 brlvldvlsmrtnz XSS XSS in theme name of themes and layout settings. SMF2 brlvldvlsmrtnz XSS XSS in member options with theme name SMF2 brlvldvlsmrtnz XSS XSS in theme url and settings SMF2 brlvldvlsmrtnz XSS XSS in modify themes with theme names SMF2 brlvldvlsmrtnz XSS, CSRF XSS in package manager / options SMF2 cicatriz.r00t CSRF CSRF permite darle permisos a los usuarios normales para modificar permisos del foro SMF2 ysk.sft CSRF CSRF join 2 topics . SMF2 ysk.sft CSRF CSRF permite borrar una encuesta SMF2 ysk.sft CSRF CSRF permite elevar privilegios de usuarios normales para modificar los smileys SMF2 ysk.sft DoS RSS DoS SMF2, SMF1 www.kernel32 CSRF Session token stealling SMF2, SMF1 www.kernel32 ---- ReDoS en htmltrim SMF2 sirdarckcat DoS Forum access DoS SMF2 sirdarckcat XSS XSS en la subida de archivos. SMF2 ysk.sft CSRF Message rule CSRF SMF2 brlvldvlsmrtnz CSRF Steal session token SMF2, SMF1 www.kernel32
