Donate to us via Paypal!
Don't judge the unknown - Grindordie
Sunday, February 28, 2021
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 110
Guests Online: 110
Members Online: 0

Registered Members: 133752
Newest Member: tucker11935
Latest Articles

View Thread

HellBound Hackers | Computer General | Hacking in general

Author

SFM exploit


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-09-07 07:10
hey so i hear about this size tag exploit for SFM but I don't understand how you are suppose to incorporate malicious code into it. Can someone clear it up for me?


Author

RE: SFM exploit


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-09-07 08:21
i never heared of this, and are you talking about SMF?
this sound to be XSS using CSS. Read:

http://www.hellboundhackers.org/articles/748-CSS-XSS.html

for details


Author

RE: SFM exploit


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-09-07 16:50
that exploit doesnt work in smf

color has a regex on it for alphanumeric only
size has a regex for number:number:"pt" anything else it doesnt work

font type doesnt have any regex on it but it strips out () and i cant find any way around that
Author

RE: SFM exploit


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-09-07 17:51
LFI On SMF 1.1.3
Download Page
http://www.simplemachines.org/download/

Error code
in index.php line 334

require_once($sourcedir . '/' . $actionArray[$_REQUEST['action']][0]);

Saw this on securitydot, but for me if I enter any action that doesnt exist it just redirects to index.php
Author

RE: SFM exploit


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-09-07 17:56
try ../../../../../etc/passwd see if it works


Author

RE: SFM exploit


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-09-07 18:08
As I said, any value which isn't a valid action gets redirected, I think its a fake exploit.