klynn.securityfocus@kevinlynn.com
11/11/07, 20:14
This is the second SMF vulnerability announced in the recent weeks that appears to be caused by administrative misconfiguration rather than an error in SMF. I have tested this on a default SMF 1.1.4 test environment and it did not work for me.
Given the fact that previous messages from h3llcode or others in your blackroots.it group make mention of the use of .htaccess for controlling access to sensitive areas, it seems likely that h3llcode has opened permissions to allow escalated privileges to others and is then attempting to control those privileges using .htaccess files. Either that or h3llcode is testing the advanced search from an account enabled with escalated privileges already.
h3llcode, please create a default SMF 1.1.4 test environment and report back on your findings. If it can be duplicated in a properly configured SMF forum, I'm very interested in knowing about it.
Thank you,
Kevin Lynn, CISSP
Given the fact that previous messages from h3llcode or others in your blackroots.it group make mention of the use of .htaccess for controlling access to sensitive areas, it seems likely that h3llcode has opened permissions to allow escalated privileges to others and is then attempting to control those privileges using .htaccess files. Either that or h3llcode is testing the advanced search from an account enabled with escalated privileges already.
h3llcode, please create a default SMF 1.1.4 test environment and report back on your findings. If it can be duplicated in a properly configured SMF forum, I'm very interested in knowing about it.
Thank you,
Kevin Lynn, CISSP