Subject: xss in fudforum
From: Anonymous
Newsgroups: rocksolid.shared.security
Organization: rocksolid2 (novabbs.org)
Date: Fri, 19 Feb 2021 16:04 UTC
just found this one here:
https://www.exploit-db.com/exploits/47650
and turned off def3 at once.
not sure when I will turn it back on, seems like there are multiple vulns like this.
at least part of those were fixed with 3.1.0, def3 ran 3.0.7. so now i have to basically either rebuild everything from scratch, or i try to just insert the updated php files in my existing installation.

hmm....so, def3 will be back, but I guess it will take me a while.

cheers

trw

--
Posted on def2


Subject: Re: xss in fudforum
From: Anonymous
Newsgroups: rocksolid.shared.security
Organization: rocksolid2 (novabbs.org)
Date: Wed, 3 Mar 2021 20:03 UTC
References: 1
Seems like the manual application of the patch here https://sourceforge.net/p/fudforum/code/6321/ should do the trick. I have to test a little more if this actually closed it.
That would save me a ton of time, instead of reinstalling everything.

cheers

trw

--
Posted on def2


Subject: Re: xss in fudforum
From: Anonymous
Newsgroups: rocksolid.shared.security
Organization: rocksolid2 (novabbs.org)
Date: Wed, 3 Mar 2021 21:59 UTC
References: 1
ee1f26d15744cd0ebf
And def3 is back online.

cheers

trw

--
Posted on def2


Subject: Re: xss in fudforum
From: Retro Guy
Newsgroups: rocksolid.shared.security
Organization: Rocksolid Light
Date: Sat, 6 Mar 2021 07:58 UTC
References: 1 2
Anonymous wrote:

> ee1f26d15744cd0ebf
> And def3 is back online.

Welcome back def3!
--
Posted on Rocksolid Light
news.novabbs.org

