FUDforum: FUDforum 3.0+ » FUDforum 3.0.9 exploitation

Home » FUDforum Development » FUDforum 3.0+ » FUDforum 3.0.9 exploitation (some vulnerabilities and problematic exploitations)

Show: Today's Messages :: Polls :: Message Navigator

FUDforum 3.0.9 exploitation [message #187817]

Sun, 17 November 2019 07:02

HotPot

Messages: 6
Registered: November 2019

Karma:

Junior Member

Hi,first of all,i really appreciate that you guys offer such a great and user-friendly furom.Secondly,i noticed that some exploitations and vulnerabilities of the 3.0.9 version when i googled it,especially the Remote Code Execution(XSS RCE),An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
Is there anything we can do or available patch to avoid XSS loopholes like this?
Thank you very much Very Happy

Report message to a moderator

[Message index]

		FUDforum 3.0.9 exploitation By: HotPot on Sun, 17 November 2019 07:02
		Re: FUDforum 3.0.9 exploitation By: naudefj on Sun, 17 November 2019 07:10
		Re: FUDforum 3.0.9 exploitation By: HotPot on Fri, 22 November 2019 03:24

Previous Topic:	The database password is plaintext
Next Topic:	my problem when i install FUDforum3.1

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Tue Dec 03 17:02:40 GMT 2024

Total time taken to generate the page: 0.04415 seconds