Full Disclosure mailing list archives

Re: Virginity Security Advisory 2003-002 : Tritanium Bulletin Board - Read and write from/to internal (protected) Threads

From: Ron DuFresne <dufresne () winternet com>
Date: Mon, 3 Nov 2003 10:56:56 -0600 (CST)


When did we start securing virgins?!?

Thanks,

Ron DuFresne

On 31 Oct 2003, Virginity Security wrote:



- - - --------------------------------------------------------------------
Virginity Security Advisory 2003-002
- - - --------------------------------------------------------------------
             DATE : 2003-10-31 22:59 GMT
             TYPE : remote
VERSIONS AFFECTED : <== Tritanium Bulletin Board 1.2.3 (http://www.tritanium-scripts.com/)
           AUTHOR : Virginity
- - - --------------------------------------------------------------------


Description:

I found a security bug in Tritanium Bulletin Board:
Normal Users can read the content of Threads to which they have no access rights!
(and can answer to it which may be a problem if the internal forum has the right to insert html code)

Author of the Software has been notified.

- - - --------------------------------------------------------------------


Example:

http://[target].com/[path]/index.php?faction=reply&thread_id=[ID OF THE THREAD TO READ]&forum_id=[ID OF 
FORUM]&sid=[your sid]

Shows the window where The Attacker can answer to the topic and below that a window with the content of the thread!!!
The Attacker can easily read all protected Threads since the thread_id is counted for every forum newly so just put 
from 1 on upwards :-)

- - - --------------------------------------------------------------------


Solution:
Hey sorry this time i had no time for a solution :-)

- - - --------------------------------------------------------------------


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Virginity Security Advisory 2003-002 : Tritanium Bulletin Board - Read and write from/to internal (protected) Threads Ron DuFresne (Nov 03)
- <Possible follow-ups>
- Re: Re: Virginity Security Advisory 2003-002 : Tritanium Bulletin Board - Read and write from/to internal (protected) Threads advisory (Nov 04)
  - Re: Re: Virginity Security Advisory 2003-002 : Tritanium Bulletin Board - Read and write from/to internal (protected) Threads Ron DuFresne (Nov 04)