Type securityvulns
Reporter Securityvulns
Modified 2012-04-23T00:00:00


======================================================================
Vulnerable software: T3 DB Tools Version 1.6 (seditio database management plugin).
Developed by: http://www.t3-design.com/t3-db-tools/
(MD5 SUM: 8ab362601793e238f504783fd9953dd4 dbtools.rar)
======================================================================
Tested:
php.ini MAGIC_QUOTES_GPC OFF
Safe mode off
OS: Windows XP SP2 (32 bit)
Apache:
PHP Version:
mysql> select version()
    -> ;
+-----------+
| version() |
+-----------+
| 5.5.21    |
+-----------+
======================================================================
About software:

T3 DB Tools
T3 DB Tools is a seditio database management plugin.

Features:
– Backup all or selected tables of your seditio DB.
– Table information and schema.
– Browse tables (experimental)
– Drop, truncate tables.
– Option to export data, structure or both.
– Support for gzip, bzip2 compression of the backups.
– Restore database backup.
– Run custom sed queries.
– Extra security rights.
– Check, analyze, repair and optimize tables.
– Auto create the backup folder and the directory blocker protection.
– 100% ability to translate.
– Easy navigation and event reports.
======================================================================
Vulnerability Desc:
T3 DB Tools Version 1.6 is prone to a Cross-Site Request Forgery (CSRF) vulnerability.
It uses $_GET without any anti-CSRF token when dealing with dangerous truncate and drop operations on your database.
See: http://cxsecurity.com/issue/WLB-2012040071 (seditio165 CSRF and remote access to db dump)
======================================================================
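The control whose absence is described above, as an added example (not code from T3 DB Tools or from this advisory): a guard that lets destructive actions run only when they arrive by POST with a token matching the one stored in the admin's session. The action names, the `csrf` field and the function names are hypothetical.

```php
<?php
// Added example: hypothetical guard for destructive admin actions.
// Action names and the 'csrf' field are assumptions, not T3 DB Tools code.

const DESTRUCTIVE_ACTIONS = ['drop', 'truncate'];

/** Create (once per session) and return the anti-CSRF token. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

/**
 * Decide whether a requested action may run.
 * Destructive actions need POST plus a token equal to the session's token.
 */
function action_allowed(string $action, string $method, array $post, array $session): bool
{
    if (!in_array($action, DESTRUCTIVE_ACTIONS, true)) {
        return true; // read-only actions do not change state
    }
    if ($method !== 'POST') {
        return false; // state must never change on a GET request
    }
    $sent = $post['csrf'] ?? '';
    $expected = $session['csrf'] ?? '';
    // hash_equals() compares in constant time; an empty session token never matches.
    return is_string($sent) && is_string($expected)
        && $expected !== '' && hash_equals($expected, $sent);
}

// Constructed demonstration; runs from the PHP CLI without a web server.
$session = [];
$token = csrf_token($session);

var_dump(action_allowed('truncate', 'GET', [], $session));                   // request without token
var_dump(action_allowed('truncate', 'POST', ['csrf' => 'guess'], $session)); // wrong token
var_dump(action_allowed('truncate', 'POST', ['csrf' => $token], $session));  // admin's own form
```

In a real handler the token from `csrf_token()` would be emitted as a hidden field in the admin form, and `action_allowed()` would be called before any query is built.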

======================Workaround=======================================
A) If you find it in your administration section, uninstall it immediately.
To do so, go to /system/core/admin/
1st: back up the dbinc/ directory (copy it to your PC), then delete it.
2nd: back up admin.dbtools.inc.php too (copy it to your PC), then delete the admin.dbtools.inc.php file too.
Or try to uninstall it from the Plugins section.
Secure the datas/backups directory by placing an .htaccess file (deny from all) in it, or remove the datas/backups/ directory. (Do not forget to back it up too.)
B) Do not install T3 DB Tools. (Otherwise one nice day it'll drop/truncate your database tables.)
======================================================================

Note: Previous versions may also be affected, but were not tested.

/AkaStep ^_^

Greetz to all: packetstormsecurity.*,securityfocus.com,cxsecurity.com,security.nnov.ru,securtiyvulns.com and to all others!