Recent security issue reported
Posted by emanuele on May 16, 2013, 02:42:51 PM in Recent security issue reported | 8 Comments

An "exploit" for SMF 2.0.4 has recently been reported, for example:
http://exploitsdownload.com/search/smf%202.0.4%20exploit/
http://packetstormsecurity.com/files/121391/SMF-2.0.4-PHP-Code-Injection.html

The core of the issue is in this comment from the published exploit code:

    // to successfully exploit smf 2.0.4 we need correct admin's cookie:

Is it something annoying? Yes.
Is it a security issue? No.
It is no more dangerous than any other piece of the admin panel that allows admins to change any (writable) file on the server: whoever already holds a valid admin cookie can do the same thing through the admin panel itself.
If a security issue that requires a release is discovered, it may be worth fixing this unintended behaviour at the same time; otherwise a fix will be provided in the next version of SMF.
Comments
Thanks for the official heads-up
Thanks Emanuele
Glad to know it, thanks ema!
Nicely put, Manny.
Quote from: Arantor on May 16, 2013, 02:45:13 PM
    Thanks for the official heads-up
I waited to see if someone else wanted to have his nick on a topic here, but since everybody around here is shy, I had to...
Thanks for the info
Quick question: it's not possible in 2.1 because of tokens, right?
Tokens have nothing to do with that.
In 2.1 it is still the same and should be fixed.
I'm going to go out on a limb here and say: the tokens make precisely zero difference.
In fact, as I said elsewhere, I'm really not convinced tokens make any real difference at all.
OK, so the token prevents drive-by POSTs like this, sure. But all a hacker has to do is make two requests, not one, the first request to open the page in question (which gets them the token) and then submit that token straight back to carry out the actual malicious stuff.
It makes it *slightly* harder, the real protection is still the fact that you have to hijack an admin's session directly anyway.
I would love someone to show me what benefit tokens actually provide. (Especially since I can imagine mod authors not using them anyway.)
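The two-request flow described in the comment above, as an added example that is not part of the original post and not SMF's own code: a hypothetical in-memory model of an admin file-edit endpoint guarded by a session cookie plus a per-session CSRF token. The names (Server, get_edit_form, post_edit, drive_by_post, hijacked_session_attack) and the file/content values are assumptions constructed for illustration. It shows that the token blocks a cross-site POST that rides on the victim's cookie, and that an attacker who already holds the admin cookie simply fetches the form to read the token and submits it back.

```python
import hmac
import secrets
from dataclasses import dataclass, field


# Hypothetical model of a forum admin endpoint (constructed for this example,
# not SMF code). A session cookie identifies the logged-in user; each session
# also carries a CSRF token that must be echoed back on state-changing POSTs.
@dataclass
class Server:
    sessions: dict = field(default_factory=dict)  # cookie -> {"user":..., "token":...}
    files: dict = field(default_factory=dict)     # path -> content ("writable" files)

    def login_admin(self) -> str:
        """Create an admin session and return its cookie value."""
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = {"user": "admin", "token": secrets.token_hex(16)}
        return cookie

    def get_edit_form(self, cookie):
        """GET the file-edit page. Returns the CSRF token embedded in the form,
        or None when the request carries no valid admin cookie."""
        sess = self.sessions.get(cookie)
        if sess is None or sess["user"] != "admin":
            return None
        return sess["token"]

    def post_edit(self, cookie, token, path, content):
        """POST a file edit. Requires a valid admin cookie AND the matching token."""
        sess = self.sessions.get(cookie)
        if sess is None or sess["user"] != "admin":
            return "403 no admin session"
        if token is None or not hmac.compare_digest(token, sess["token"]):
            return "403 bad token"
        self.files[path] = content
        return "200 written"


def drive_by_post(server, victim_cookie):
    """Cross-site request: the browser attaches the victim's cookie on its own,
    but the attacker's page cannot read the token, so none is supplied."""
    return server.post_edit(victim_cookie, None, "index.php", "<?php evil(); ?>")


def hijacked_session_attack(server, stolen_cookie):
    """Attacker who already holds the admin cookie: request 1 fetches the form
    (and thus the token), request 2 submits that token straight back."""
    token = server.get_edit_form(stolen_cookie)
    if token is None:
        return "403 no admin session"
    return server.post_edit(stolen_cookie, token, "index.php", "<?php evil(); ?>")


def demo():
    """Run the three scenarios against a fresh server and report the outcomes."""
    srv = Server()
    admin_cookie = srv.login_admin()
    return {
        "drive_by": drive_by_post(srv, admin_cookie),
        "no_cookie": hijacked_session_attack(srv, "not-a-real-cookie"),
        "stolen_cookie": hijacked_session_attack(srv, admin_cookie),
        "file_modified": "index.php" in srv.files,
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario}: {outcome}")
```

The drive-by POST fails on the token check even though the cookie rides along, which is the one case a token covers; without any admin cookie nothing gets past the session check; with a stolen admin cookie the two-request flow writes the file exactly as the legitimate admin panel would.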