So we have one of our members saying that XenForo is vulnerable to 'CSS' attacks. Wondering if any of the xF installs have been hacked via CSS so far?
Well, that's an add-on; but he essentially says that he found something with the XenForo platform itself. http://www.crazyengineers.com/threads/is-ce-easy-to-hack.69619/#post-288337
EDIT: Which appears to relate to whatever add-on this is: http://www.crazyengineers.com/ceom/
You already gave me the environment in the past. So I tested it there.
And there is nothing to prove in it. It's something we cannot stop. Rather, we can secure the server. It's already decently secured. The thing I'm talking about is hardcore server security. Make the drive persistent. Every server restart will make it raid free. And power backup the server in hard environment every time. I guess you might be aware of the DEEPFREEZE application for machines. Persistent drives are for the same purpose. And there is a feature in remote hosting environment which is net bridged, mainly used by website hosting companies, to block remove execution, i.e. to avoid scripting. That will patch this issue. If you want, I can show it on your environment. But I already tested it there. I can give you a video of the attack if you want.
CSS => Preg Match embedded into CSRF using Levenshtein obfuscated code. It's tailor made. Can't reveal more info. But the frame is decently secured. Don't worry. It doesn't take the machine down.