Description - X-Forwarded-For XSS in Simple Machines Forum - SMF
Cross-site scripting (XSS) was found in the Simple Machines Forum (SMF) script.
- Exploit: Available
- Solution: Not available - check vendor's website
Vulnerable script: Sources/Register.php
The variable $_SERVER['HTTP_X_FORWARDED_FOR'] isn't properly sanitized. An HTTP request can therefore be sent with a fake X-Forwarded-For value that contains arbitrary HTML or script code. This code is executed when an administrator opens the "View all members" section in the administrator's control panel.
The administrator's session is threatened.
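As an added example (not SMF's code and not a vendor fix), one way to close this class of bug in PHP is to accept the header only when it parses as an IP address and to HTML-escape the stored value when the member list is rendered. The function names and the sample requests are hypothetical.

```php
<?php
// Added example, not SMF code; function names are hypothetical.

// Accept X-Forwarded-For only if an entry parses as an IP address;
// otherwise fall back to REMOTE_ADDR. The header is client-supplied, so even
// a valid value is for display/logging only, never for access decisions.
function client_ip(array $server): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        $remote = 'unknown';
    }
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if (!is_string($xff)) {
        return $remote;
    }
    foreach (explode(',', $xff) as $candidate) {
        $candidate = trim($candidate);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    return $remote;
}

// Second layer: escape on output, so a value stored before the input check
// existed still renders as text in the admin member list.
function member_row(string $name, string $ip): string
{
    $esc = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>' . $esc($name) . '</td><td>' . $esc($ip) . '</td></tr>';
}

// Constructed sample requests (documentation address ranges).
$requests = [
    ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 192.0.2.1'],
    ['REMOTE_ADDR' => '192.0.2.11', 'HTTP_X_FORWARDED_FOR' => '<b>not an ip</b>'],
    ['REMOTE_ADDR' => '192.0.2.12'],
];
foreach ($requests as $i => $server) {
    echo member_row("member$i", client_ip($server)), "\n";
}
// Legacy row stored unvalidated: escaping alone neutralises the markup.
echo member_row('legacy', '<b>not an ip</b>'), "\n";
```

The second request falls back to 192.0.2.11 because its header does not parse as an IP, and the legacy row is emitted with `&lt;b&gt;` entities instead of live markup.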


