lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CABsCEg24YjvFx8u5d4WLM9y1h6PYQgG6rY_QxA=uJR0anZ53Cg@mail.gmail.com>
Date: Mon, 25 Nov 2013 12:44:51 +0200
From: LIAD Mizrachi <liadmz@...il.com>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Tapuz - Flix Password ByPass

Advisory: Tapuz - Flix Password ByPass
Vendor URL: http://www.tapuz.co.il
Author: Liad Mizrachi
Status: Not Fixed

==========================
Vulnerability Description
==========================


Flix is 'Tapuz' video streaming service allowing users to upload their
video and share it with others, in addition, user can choose to password
protect the uploaded video.

Upon loading a password protected video, the user is promote to enter the
password, which is verified with Ajax request.
The URL http://flix.tapuz.co.il/v/Ajax/CheckPasswordProtectedMedia.aspxreceive
the video ID and password and return 0/1.
By manipulating the response from the server, any user can access the movie
without any knowledge on the real password.



==========================
PoC
==========================


1. Load a password protected movie on Flix
2. Intercept the response from /v/Ajax/CheckPasswordProtectedMedia.aspx
3. Change the response body from '0' to '1'
4. Enjoy the video.

PoC Demo [ https://vimeo.com/80252377 ]

==========================
Solution
==========================


Remvoe your content from Tapuz Flix Service and move it to a move secure
service.


==========================
Disclosure Timeline
==========================


27-Jun-2013 - vendor informed by mail
27-Jun-2013 - Call with CIO & R&D Department.
19-Aug-2013 - eMail to get an update - No reply.
12-Nov-2013 - eMail to get an update - No reply.
17-Nov-2013 - eMail to get an update - No reply.
25-Nov-2013 - Advisory Published (No Fix yet).


==========================
References
==========================

http://flix.tapuz.co.il
http://www.alexa.com/siteinfo/tapuz.co.il
https://vimeo.com/80252377 [PoC Demo]

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ