AsmBB

Power
Login Register

Thanks to the hxp CTF challenge, several serious vulnerabilities has been fixed.
1

#16312 (ツ) johnfound
Last edited: 19.05.2023 by johnfound, read: 4197 times

On the 10th of March the hxp CTF competition was held, where one of the tasks was to hack AsmBB.

Out of 181 teams participating in the competition, only 8 managed to solve this task. And in doing so, they did the AsmBB project a huge favor.

Several XSS vulnerabilities and one serious RCE were disclosed.

Of course, the disclosed vulnerabilities are now fixed. Thanks to Zeyu for the great writeup and to Sisu who noticed me about this challenge.

So, I recommend everyone to upgrade to the latest version of trunk.

I'll wait a week or so to see if any new bug reports appear and plan to issue an official v2.10 release.

P.S. Unfortunately I am still too busy with a RL projects, but I hope to find some free time in the coming months to work more actively on this and other free projects.

#16318 (ツ) ganuonglachanh
Created 16.03.2023, read: 4146 times

Well, asmBB will be more secure, thanks the contest!

Thanks to the hxp CTF challenge, several serious vulnerabilities has been fixed.
1

AsmBB v3.0 (check-in: a316dab8b98d07d9); SQLite v3.42.0 (check-in: 831d0fb2836b71c9);
©2016..2023 John Found; Licensed under EUPL. Powered by Assembly language Created with Fresh IDE