FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » FUDforum 3.0+ » FUDforum 3.0.9 exploitation (some vulnerabilities and problematic exploitations)
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
icon7.gif  FUDforum 3.0.9 exploitation [message #187817] Sun, 17 November 2019 07:02 Go to next message
HotPot is currently offline  HotPot   United States
Messages: 6
Registered: November 2019
Karma: 0
Junior Member
Hi,first of all,i really appreciate that you guys offer such a great and user-friendly furom.Secondly,i noticed that some exploitations and vulnerabilities of the 3.0.9 version when i googled it,especially the Remote Code Execution(XSS RCE),An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
Is there anything we can do or available patch to avoid XSS loopholes like this?
Thank you very much Very Happy Very Happy Very Happy Very Happy Very Happy Very Happy
Re: FUDforum 3.0.9 exploitation [message #187818 is a reply to message #187817] Sun, 17 November 2019 07:10 Go to previous messageGo to next message
naudefj is currently offline  naudefj   United States
Messages: 3772
Registered: December 2004
Karma: 28
Senior Member
Administrator
Core Developer
Forget about FUDforum 3.0.9 and go for version 3.1.0 Smile
Re: FUDforum 3.0.9 exploitation [message #187823 is a reply to message #187818] Fri, 22 November 2019 03:24 Go to previous message
HotPot is currently offline  HotPot   United States
Messages: 6
Registered: November 2019
Karma: 0
Junior Member
thank you very much!!!
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: The database password is plaintext
Next Topic: my problem when i install FUDforum3.1
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Dec 12 04:36:56 GMT 2024

Total time taken to generate the page: 0.02582 seconds