Place Your Ad Here

Bug Possible 0day exploit

There is a bug in this version
C

cyanidee

Guest
Is being able to put some form of xenforo syntax inside a template or widget and be able to read /etc/passwd or any other file the web server user has access to such as config.php considered a vulnerability? I might have found an exploit if so you can do this on the latest version all the way back to at least v2.1.4 might even go before that. Also considered an ssrf since you can read files behind firewalls etc, and do requests to the outside to get the server origin ip for example (to...

Read more

Continue reading...
 
You must log in or register to reply here.

Similar threads

N
Bug XF does not loop through all possible folders inside '_output' on import/upgrade
Replies
0
Views
35
XenForo General Discussions
nocte
N
M
Ques/Help is it possible to search for posts by Reaction?
Replies
0
Views
46
XenForo General Discussions
maxd
M
D
Ques/Help Is it possible to have User Upgrades Across multiple sites?
Replies
0
Views
44
XenForo General Discussions
dunowat
D
B
Ques/Help Is it possible to add message/like ratio on postbit?
Replies
0
Views
93
XenForo General Discussions
betforumu
B
Y
Ques/Help Is it possible to replace a thread with a link
Replies
0
Views
98
XenForo General Discussions
Yoshiro
Y
Top Bottom
Back