SMF 2.0.5 Remote Shell Upload Vulnerability
Posted on 23 October 2013
See https://github.com/SimpleMachines/SMF2.1/issues/701

There is a test a bit later on which makes sure the uploaded stuff is an image through a getimagesize call. Indeed, the file is not deleted on error, but this should be handled by PHP at the end of the script execution.

ChangeLog:
! Added some headers to help protect against clickjacking (thanks Jakob Lell for the report)
! Invalid avatars were not always properly cleaned up (thanks chaoztc for the report)
! Added protection against usernames being impersonated with Unicode space characters (thanks Jakob Lell for the report)
! Sessions weren't always cleaned up properly on logout (thanks creepernex for the report)
! Certain fields were accepted during registration even when they shouldn't be (thanks tomreyn for the report)
! Certain errors were unnecessarily shown during a failed registration and some of those were inappropriate anyway (thanks Labradoodle-360 for the report)
! Approving an account from a member's profile was not logged (thanks emanuele for the report)
! Approving an account from a member's profile did not always properly enforce security rules (thanks emanuele for the report)
! The PHPSESSID injector would also add it to the canonical link, breaking it (thanks to all who reported it)
! An invalid character was indicated in legacy attachment handling
! Under some circumstances the admin panel would not accept the number of verification questions you had entered (thanks BurkeKnight for the report)
! The help pages could sometimes accidentally direct users to non-existing pages (thanks AngelinaBelle for the report and Illori for the fix)
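Added example (not SMF's code) for the cleanup point in the note and the "Invalid avatars" ChangeLog entry: PHP removes an uploaded file at the end of the request only while it is still in the upload temp area, so a handler that moves the file before the getimagesize check has to delete rejected files itself. The function name, the 512px limit and the demo paths are assumptions.

```php
<?php
// Added example, not SMF code. finalize_avatar(), the 512px limit and the demo paths are assumptions.

/**
 * Validate a file that has ALREADY been moved out of PHP's upload temp area.
 * Returns the final path on success; on any failure the file is deleted and null is returned.
 */
function finalize_avatar(string $movedPath, int $maxSide = 512): ?string
{
    $extensions = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];
    $info = @getimagesize($movedPath);
    $ok = $info !== false
        && isset($extensions[$info[2]])
        && $info[0] <= $maxSide && $info[1] <= $maxSide;

    if ($ok) {
        // Server-chosen name and extension; nothing from the client file name survives.
        $final = dirname($movedPath) . '/avatar_' . bin2hex(random_bytes(8)) . '.' . $extensions[$info[2]];
        $ok = rename($movedPath, $final);
    }
    if (!$ok) {
        // PHP only auto-deletes the original temp upload. Once move_uploaded_file()
        // has run, a rejected file stays on disk unless it is removed here.
        if (is_file($movedPath)) {
            unlink($movedPath);
        }
        return null;
    }
    return $final;
}

// Demo with constructed inputs, written straight to a scratch directory
// to stand in for files that move_uploaded_file() has already placed there.
$dir = sys_get_temp_dir() . '/avatar_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'); // constructed 1x1 GIF
file_put_contents("$dir/upload_a", $gif);
file_put_contents("$dir/upload_b", 'constructed bytes that are not an image');

$kept = finalize_avatar("$dir/upload_a");
$rejected = finalize_avatar("$dir/upload_b");
var_dump($kept !== null && is_file($kept));                 // valid image kept under a new name
var_dump($rejected === null && !is_file("$dir/upload_b"));  // rejected file no longer on disk
unlink($kept);
rmdir($dir);
```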
