FUDforum: FUDforum 3.0+ » FUDforum 3.0.9 exploitation

Home » FUDforum Development » FUDforum 3.0+ » FUDforum 3.0.9 exploitation (some vulnerabilities and problematic exploitations)

Show: Today's Messages :: Polls :: Message Navigator

FUDforum 3.0.9 exploitation [message #187817]

Sun, 17 November 2019 07:02

HotPot

Messages: 6
Registered: November 2019

Karma: 0

Junior Member

Hi,first of all,i really appreciate that you guys offer such a great and user-friendly furom.Secondly,i noticed that some exploitations and vulnerabilities of the 3.0.9 version when i googled it,especially the Remote Code Execution(XSS RCE),An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
Is there anything we can do or available patch to avoid XSS loopholes like this?
Thank you very much Very Happy