lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20031031215944.3041.qmail@sf-www1-symnsj.securityfocus.com> Date: 31 Oct 2003 21:59:44 -0000 From: Virginity Security <advisory@...fiweb.de> To: bugtraq@...urityfocus.com Subject: Virginity Security Advisory 2003-002 : Tritanium Bulletin Board - Read and write from/to internal (protected) Threads - - - -------------------------------------------------------------------- Virginity Security Advisory 2003-002 - - - -------------------------------------------------------------------- DATE : 2003-10-31 22:59 GMT TYPE : remote VERSIONS AFFECTED : <== Tritanium Bulletin Board 1.2.3 (http://www.tritanium-scripts.com/) AUTHOR : Virginity - - - -------------------------------------------------------------------- Description: I found a security bug in Tritanium Bulletin Board: Normal Users can read the content of Threads to which they have no access rights! (and can answer to it which may be a problem if the internal forum has the right to insert html code) Author of the Software has been notified. - - - -------------------------------------------------------------------- Example: http://[target].com/[path]/index.php?faction=reply&thread_id=[ID OF THE THREAD TO READ]&forum_id=[ID OF FORUM]&sid=[your sid] Shows the window where The Attacker can answer to the topic and below that a window with the content of the thread!!! The Attacker can easily read all protected Threads since the thread_id is counted for every forum newly so just put from 1 on upwards :-) - - - -------------------------------------------------------------------- Solution: Hey sorry this time i had no time for a solution :-) - - - --------------------------------------------------------------------
Powered by blists - more mailing lists