[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: Virginity Security Advisory 2003-002 : Tritanium Bulletin Board - Read and write from/to internal (protected) Threads

To: Virginity Security <advisory@konfiweb.de>
Subject: [Full-Disclosure] Re: Virginity Security Advisory 2003-002 : Tritanium Bulletin Board - Read and write from/to internal (protected) Threads
From: Ron DuFresne <dufresne@winternet.com>
Date: Mon, 3 Nov 2003 10:56:56 -0600 (CST)

When did we start securing virgins?!?

Thanks,

Ron DuFresne

On 31 Oct 2003, Virginity Security wrote:

>
>
> - - - --------------------------------------------------------------------
> Virginity Security Advisory 2003-002
> - - - --------------------------------------------------------------------
>              DATE : 2003-10-31 22:59 GMT
>              TYPE : remote
> VERSIONS AFFECTED : <== Tritanium Bulletin Board 1.2.3 
> (http://www.tritanium-scripts.com/)
>            AUTHOR : Virginity
> - - - --------------------------------------------------------------------
>
>
> Description:
>
> I found a security bug in Tritanium Bulletin Board:
> Normal Users can read the content of Threads to which they have no access 
> rights!
> (and can answer to it which may be a problem if the internal forum has the 
> right to insert html code)
>
> Author of the Software has been notified.
>
> - - - --------------------------------------------------------------------
>
>
> Example:
>
> http://[target].com/[path]/index.php?faction=reply&thread_id=[ID OF THE 
> THREAD TO READ]&forum_id=[ID OF FORUM]&sid=[your sid]
>
> Shows the window where The Attacker can answer to the topic and below that a 
> window with the content of the thread!!!
> The Attacker can easily read all protected Threads since the thread_id is 
> counted for every forum newly so just put from 1 on upwards :-)
>
> - - - --------------------------------------------------------------------
>
>
> Solution:
> Hey sorry this time i had no time for a solution :-)
>
> - - - --------------------------------------------------------------------
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] [RHSA-2003:309-01] Updated fileutils/coreutils package fix ls vulnerabilities
Next by Date: [Full-Disclosure] [spam] Help our troops embezzle today
Previous by thread: [Full-Disclosure] [RHSA-2003:309-01] Updated fileutils/coreutils package fix ls vulnerabilities
Next by thread: [Full-Disclosure] [spam] Help our troops embezzle today
Index(es):
- Date
- Thread