在milw0rm给出的是一段php的脚本,难道可以 php trarget.com这样执行?
crack 2008-09-10 发件人: Secunia Security Advisories 发送时间: 2008-09-09 06:42:03 收件人: [EMAIL PROTECTED] 抄送: 主题: SecuredBits: [SA31750] Simple Machines Forum Password ResetVulnerability ---------------------------------------------------------------------- We have updated our website, enjoy! http://secunia.com/ ---------------------------------------------------------------------- TITLE: Simple Machines Forum Password Reset Vulnerability SECUNIA ADVISORY ID: SA31750 VERIFY ADVISORY: http://secunia.com/advisories/31750/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: Simple Machines Forum 1.x http://secunia.com/product/5285/ DESCRIPTION: A vulnerability has been reported in Simple Machines Forum, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the application generating validation codes for the password reset functionality in an insecure manner. This can be exploited to predict the validation code and reset user passwords to an arbitrary value. The vulnerability is reported in version 1.1.5 when being installed on the Windows platform. Other versions may also be affected. SOLUTION: Update to version 1.1.6. PROVIDED AND/OR DISCOVERED BY: Raz0r ORIGINAL ADVISORY: Simple Machines Forum: http://www.simplemachines.org/community/index.php?topic=260145.0 Raz0r: http://milw0rm.com/exploits/6392 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=securedbits%40gmail.com ---------------------------------------------------------------------- --~--~---------~--~----~------------~-------~--~----~ 要向邮件组发送邮件,请发到 [email protected] 要退订此邮件,请发邮件至 [EMAIL PROTECTED] -~----------~----~----~----~------~----~------~--~---
