Exploit Database - Logo

Simple Machines Forum (SMF) 1.1.6 - 'POST' Filter Security Bypass

EDB-ID: 32462 Author: WHK Published: 2008-10-06
CVE: N/A Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: Download Vulnerable Application
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/31594/info

Simple Machines Forum (SMF) is prone to a security-bypass vulnerability because the application fails to sufficiently sanitize user-supplied input.

Attackers can exploit this issue to bypass filter restrictions and post spam content onto the affected site. Other attacks are also possible.

SMF 1.1.6 is vulnerable; other versions may also be affected.

[b]ht[b][/b]tp://www.ex[i][/i]ample.com/[/b]
« Previous Exploit Next Exploit »

Related Exploits

Trying to match setup file: bb513047203ec487d1d1f353346f543b
Other Possible E-DB Search Terms: Simple Machines Forum (SMF) 1.1.6,  Simple Machines Forum
Date D V Title Author
2009-02-03 Verified Simple Machines Forum (SMF) - 'BBCode' Cookie StealingXianur0
2004-05-05 Verified Simple Machines Forum (SMF) 1.0 - Size Tag HTML InjectionCheng Peng Su
2009-01-12 Verified Simple Machines Forum (SMF) 1.0.13/1.1.5 - 'Destroyer 0.1' Password Reset Security BypassXianur0
2005-06-21 Verified Simple Machines Forum (SMF) 1.0.4 - 'modify' SQL InjectionGulfTech Se...
2006-10-19 Verified Simple Machines Forum (SMF) 1.0/1.1 - 'index.php' Cross-Site Scriptingb0rizQ
2006-08-20 Verified Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Local File Inclusionrgod
2006-08-22 Verified Simple Machines Forum (SMF) 1.1 rc2 - Lock Topicsrgod
2009-12-02 Verified Simple Machines Forum (SMF) 1.1.10/2.0 RC2 - Multiple VulnerabilitiesSimpleAudit...
2011-08-25 Verified Simple Machines Forum (SMF) 1.1.14/2.0 - '[img]' BBCode Tag Cross-Site Request ForgeryChristian Y...
2011-12-06 Verified Simple Machines Forum (SMF) 1.1.15 - 'fckeditor' Arbitrary File UploadHELLBOY
2007-10-20 Verified Simple Machines Forum (SMF) 1.1.3 - Blind SQL InjectionMichael Brooks
2008-03-28 Verified Simple Machines Forum (SMF) 1.1.4 - Multiple Remote File InclusionsSibertrwolf
2008-06-15 Verified Simple Machines Forum (SMF) 1.1.4 - SQL InjectionThe:Paradox
2008-09-06 Verified Simple Machines Forum (SMF) 1.1.5 (Windows x86) - Admin Reset PasswordRaz0r
2008-11-04 Verified Simple Machines Forum (SMF) 1.1.6 - Code ExecutionCharles Fol
2008-11-05 Verified Simple Machines Forum (SMF) 1.1.6 - Local File Inclusion / Code Execution~elmysterio
2009-02-03 Verified Simple Machines Forum (SMF) 1.1.7 - '[url]' Tag HTML InjectionXianur0
2009-01-26 Verified Simple Machines Forum (SMF) 1.1.7 - Cross-Site Request Forgery / Cross-Site Scripting / Package UploadXianur0
2010-03-27 Verified Simple Machines Forum (SMF) 1.1.8 - 'avatar' Remote PHP File ExecuteJosS
2011-08-07 Waiting verification Simple Machines Forum (SMF) 2.0 - Session Hijackingseth
2012-03-29 Verified Simple Machines Forum (SMF) 2.0.2 - 'scheduled' Cross-Site ScriptingAm!r
Menu