[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Virginity Security Advisory 2003-002 : Tritanium Bulletin Board -
From:       Virginity Security <advisory () konfiweb ! de>
Date:       2003-10-31 21:59:44
[Download RAW message or body]



- - - --------------------------------------------------------------------
Virginity Security Advisory 2003-002
- - - --------------------------------------------------------------------
             DATE : 2003-10-31 22:59 GMT
             TYPE : remote
VERSIONS AFFECTED : <== Tritanium Bulletin Board 1.2.3 \
(http://www.tritanium-scripts.com/)  AUTHOR : Virginity
- - - --------------------------------------------------------------------


Description:

I found a security bug in Tritanium Bulletin Board:
Normal Users can read the content of Threads to which they have no access rights!
(and can answer to it which may be a problem if the internal forum has the right to \
insert html code)

Author of the Software has been notified.

- - - --------------------------------------------------------------------


Example:

http://[target].com/[path]/index.php?faction=reply&thread_id=[ID OF THE THREAD TO \
READ]&forum_id=[ID OF FORUM]&sid=[your sid]

Shows the window where The Attacker can answer to the topic and below that a window \
with the content of the thread!!! The Attacker can easily read all protected Threads \
since the thread_id is counted for every forum newly so just put from 1 on upwards \
:-)

- - - --------------------------------------------------------------------


Solution:
Hey sorry this time i had no time for a solution :-)

- - - --------------------------------------------------------------------


[prev in list] [next in list] [prev in thread] [next in thread]