Re: Re: Virginity Security Advisory 2003-002 : Tritanium Bulletin Board - Read and write from/to internal (protected) Threads

[Ron DuFresne <dufresne () winternet com>]

Yes, but, you had to expect this, it had to comeup as the 'group' name was
being decided upon.

Of course, the debate of virgin state of computers is certainly not a null
nor moot issue either, do you know where yer laptop plays afterdark?!

Anyways, thanks for the laugh, I look forward to more ribbing as the
'group' parses out more virgins.

Thanks,

Ron DuFresne

On 4 Nov 2003 advisory () konfiweb de wrote:

> Just look for "Virginity Security Advisory 2003-001"
>
> Besides: We do not secure virgins, our group name is just
> Virginity Security Research Center what has nothing to do with the human virginity but with the virginity of 
> computers!!
>
> Am 03.11.2003 17:53:03, schrieb Ron DuFresne <dufresne () winternet com> :
>
> > When did we start securing virgins?!?
> >
> > Thanks,
> >
> > Ron DuFresne
> >
> > On 31 Oct 2003, Virginity Security wrote:
> >
> > > - - - --------------------------------------------------------------------
> > > Virginity Security Advisory 2003-002
> > > - - - --------------------------------------------------------------------
> > >              DATE : 2003-10-31 22:59 GMT
> > >              TYPE : remote
> > > VERSIONS AFFECTED : <== Tritanium Bulletin Board 1.2.3 (http://www.tritanium-scripts.com/)
> > >            AUTHOR : Virginity
> > > - - - --------------------------------------------------------------------
> > >
> > >
> > > Description:
> > >
> > > I found a security bug in Tritanium Bulletin Board:
> > > Normal Users can read the content of Threads to which they have no access rights!
> > > (and can answer to it which may be a problem if the internal forum has the right to insert html code)
> > >
> > > Author of the Software has been notified.
> > >
> > > - - - --------------------------------------------------------------------
> > >
> > >
> > > Example:
> > >
> > > http://[target].com/[path]/index.php?faction=reply&thread_id=[ID OF THE THREAD TO READ]&forum_id=[ID OF 
> > > FORUM]&sid=[your sid]
> > >
> > > Shows the window where The Attacker can answer to the topic and below that a window with the content of the 
> > > thread!!!
> > > The Attacker can easily read all protected Threads since the thread_id is counted for every forum newly so just 
> > > put from 1 on upwards :-)
> > >
> > > - - - --------------------------------------------------------------------
> > >
> > >
> > > Solution:
> > > Hey sorry this time i had no time for a solution :-)
> > >
> > > - - - --------------------------------------------------------------------
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > "Cutting the space budget really restores my faith in humanity.  It
> > eliminates dreams, goals, and ideals and lets us get straight to the
> > business of hate, debauchery, and self-annihilation." -- Johnny Hart
> >     ***testing, only testing, and damn good at it too!***
> >
> > OK, so you're a Ph.D.  Just don't touch anything.
>
> -------
> Gesendet mit
> Konfiweb.de
> > und du siehst die Dinge anders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html