ENXF NET
Administrator
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P.S Member
S.V.I.P Member
V.I.P Member
Collaborate
Registered
- Joined
- Nov 13, 2018
- Messages
- 31,057
- Points
- 823
It looks like a group has been actively exploiting XSS vulnerabilities in older versions of XenForo (< 2.3.9).
They targeted 112 sites and defaced at least some of them.
Two of the sites affected were linux.org and FreeBSD.org, both supporting popular open source projects, which seem to be rather unfortunate targets for someone allegedly trying to get a message over.
www.linux.org
...
Read more
Continue reading...
They targeted 112 sites and defaced at least some of them.
Two of the sites affected were linux.org and FreeBSD.org, both supporting popular open source projects, which seem to be rather unfortunate targets for someone allegedly trying to get a message over.
Whoops - a Xenforo XSS vulnerability bit us!
I had upgrade xenforo on my todo list, and didn't get to it in time. Someone was able to use a new XSS vulnerability to inject code into a site widget. After many mysql queries we found it happened at about 14:06 ET. Also, did not see any exports or ability to do any exports. I played it...
...
Read more
Continue reading...