SFM exploit

hey so i hear about this size tag exploit for SFM but I don't understand how you are suppose to incorporate malicious code into it. Can someone clear it up for me?

i never heared of this, and are you talking about SMF? this sound to be XSS using CSS. Read:

http://www.hellboundhackers.org/articles/748-CSS-XSS.html

for details

that exploit doesnt work in smf

color has a regex on it for alphanumeric only size has a regex for number:number:"pt" anything else it doesnt work

font type doesnt have any regex on it but it strips out () and i cant find any way around that

LFI On SMF 1.1.3 Download Page http://www.simplemachines.org/download/

Error code in index.php line 334

require_once($sourcedir . '/' . $actionArray[$_REQUEST['action']][0]);

Saw this on securitydot, but for me if I enter any action that doesnt exist it just redirects to index.php

try ../../../../../etc/passwd see if it works

As I said, any value which isn't a valid action gets redirected, I think its a fake exploit.