FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » FUDforum 3.0+ » FUDforum 3.0.9 exploitation (some vulnerabilities and problematic exploitations)
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
icon7.gif  FUDforum 3.0.9 exploitation [message #187817] Sun, 17 November 2019 07:02 Go to previous message
HotPot is currently offline  HotPot   United States
Messages: 6
Registered: November 2019
Karma:
Junior Member
Hi,first of all,i really appreciate that you guys offer such a great and user-friendly furom.Secondly,i noticed that some exploitations and vulnerabilities of the 3.0.9 version when i googled it,especially the Remote Code Execution(XSS RCE),An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
Is there anything we can do or available patch to avoid XSS loopholes like this?
Thank you very much Very Happy Very Happy Very Happy Very Happy Very Happy Very Happy
[Message index]
 
Read Message icon7.gif
Read Message
Read Message
Previous Topic: The database password is plaintext
Next Topic: my problem when i install FUDforum3.1
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Dec 12 05:05:13 GMT 2024

Total time taken to generate the page: 0.04237 seconds