FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

FUDforum 3.0.9 exploitation [message #187817] Sun, 17 November 2019 02:02
HotPot (Junior Member)
Hi, first of all, I really appreciate that you guys offer such a great and user-friendly forum. Secondly, I noticed some exploitations and vulnerabilities of the 3.0.9 version when I googled it, especially the Remote Code Execution (XSS RCE). An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
Is there anything we can do, or an available patch, to avoid XSS loopholes like this?
Thank you very much

Re: FUDforum 3.0.9 exploitation [message #187818 is a reply to message #187817] Sun, 17 November 2019 02:10
naudefj (Senior Member, Administrator, Core Developer)
Forget about FUDforum 3.0.9 and go for version 3.1.0 :)

Re: FUDforum 3.0.9 exploitation [message #187823 is a reply to message #187818] Thu, 21 November 2019 22:24
HotPot (Junior Member)
Thank you very much!!!