Rocksolid Light

xss in fudforum

<opsec.782.13sp88@anon.com>

https://news.novabbs.com/computers/article-flat.php?id=207&group=rocksolid.shared.security#207

Path: i2pn2.org!i2pn.org!rocksolid2!.POSTED.novabbs-internal!not-for-mail
From: pos...@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: xss in fudforum
Date: Fri, 19 Feb 2021 08:04:12 -0800
Organization: rocksolid2 (novabbs.org)
Message-ID: <opsec.782.13sp88@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: novabbs.org; posting-account="def2"; posting-host="novabbs-internal:10.136.143.187";
logging-data="10522"; mail-complaints-to="usenet@novabbs.org"
 by: Anonymous - Fri, 19 Feb 2021 16:04 UTC

just found this one here:
https://www.exploit-db.com/exploits/47650
and turned off def3 at once.
not sure when I will turn it back on, seems like there are multiple vulns like this.
at least part of those were fixed with 3.1.0; def3 ran 3.0.7. so now I have to basically either rebuild everything from scratch, or I try to just insert the updated PHP files in my existing installation.

hmm....so, def3 will be back, but I guess it will take me a while.

cheers

trw

--
Posted on def2

Re: xss in fudforum

<opsec.786.kkels@anon.com>

https://news.novabbs.com/computers/article-flat.php?id=210&group=rocksolid.shared.security#210

Path: i2pn2.org!rocksolid2!.POSTED.127.139.135.22!not-for-mail
From: pos...@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: Re: xss in fudforum
Date: Wed, 03 Mar 2021 12:03:36 -0800
Organization: rocksolid2 (novabbs.org)
Message-ID: <opsec.786.kkels@anon.com>
References: <opsec.782.13sp88@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: novabbs.org; posting-account="def2"; posting-host="127.139.135.22";
logging-data="10702"; mail-complaints-to="usenet@novabbs.org"
 by: Anonymous - Wed, 3 Mar 2021 20:03 UTC

Seems like the manual application of the patch here https://sourceforge.net/p/fudforum/code/6321/ should do the trick. I have to test a little more if this actually closed it.
That would save me a ton of time, instead of reinstalling everything.

cheers

trw

--
Posted on def2

Re: xss in fudforum

<opsec.787.4awy5w@anon.com>

https://news.novabbs.com/computers/article-flat.php?id=211&group=rocksolid.shared.security#211

Path: i2pn2.org!rocksolid2!.POSTED.127.117.190.215!not-for-mail
From: pos...@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: Re: xss in fudforum
Date: Wed, 03 Mar 2021 13:59:31 -0800
Organization: rocksolid2 (novabbs.org)
Message-ID: <opsec.787.4awy5w@anon.com>
References: <opsec.782.13sp88@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: novabbs.org; posting-account="def.i2p"; posting-host="127.117.190.215";
logging-data="17026"; mail-complaints-to="usenet@novabbs.org"
 by: Anonymous - Wed, 3 Mar 2021 21:59 UTC

>>ee1f26d15744cd0ebf
And def3 is back online.

cheers

trw

--
Posted on def2

Re: xss in fudforum

<693283d3501486e555b0453984c00250$1@news.novabbs.org>

https://news.novabbs.com/computers/article-flat.php?id=212&group=rocksolid.shared.security#212

Path: i2pn2.org!.POSTED!not-for-mail
From: retro....@rocksolidbbs.com (Retro Guy)
Newsgroups: rocksolid.shared.security
Subject: Re: xss in fudforum
Date: Sat, 6 Mar 2021 07:58:33 +0000
Organization: Rocksolid Light
Message-ID: <693283d3501486e555b0453984c00250$1@news.novabbs.org>
References: <opsec.782.13sp88@anon.com> <opsec.787.4awy5w@anon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1";
logging-data="10759"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.org
X-Rslight-Site: $2y$10$rVOpubwqa4sTRtix87tw.O/fmaSuBRoTP9ho/Q5wd82sHjpp4RMxO
 by: Retro Guy - Sat, 6 Mar 2021 07:58 UTC

Anonymous wrote:

>>>ee1f26d15744cd0ebf
> And def3 is back online.

Welcome back def3!
--
Posted on Rocksolid Light
news.novabbs.org
