Virginity Security Advisory 2003-002 : Tritanium Bulletin Board - Read and write from/to internal (protected) Threads

2003-11-03T00:00:00
ID SECURITYVULNS:DOC:5335
Type securityvulns
Reporter Securityvulns
Modified 2003-11-03T00:00:00

Description


Virginity Security Advisory 2003-002


         DATE : 2003-10-31 22:59 GMT
         TYPE : remote

VERSIONS AFFECTED : <== Tritanium Bulletin Board 1.2.3 (http://www.tritanium-scripts.com/) AUTHOR : Virginity


Description:

I found a security bug in Tritanium Bulletin Board: Normal Users can read the content of Threads to which they have no access rights! (and can answer to it which may be a problem if the internal forum has the right to insert html code)

Author of the Software has been notified.


Example:

http://[target].com/[path]/index.php?faction=reply&thread_id=[ID OF THE THREAD TO READ]&forum_id=[ID OF FORUM]&sid=[your sid]

Shows the window where The Attacker can answer to the topic and below that a window with the content of the thread!!! The Attacker can easily read all protected Threads since the thread_id is counted for every forum newly so just put from 1 on upwards :-)


Solution: Hey sorry this time i had no time for a solution :-)