NI3
11-04-2003, 01:18 PM
Tritanium Bulletin Board - Read and write from/to internal (protected) Threads
Date: 2003-11-03
Security-Corporation ID : SC-0724
Author : Virginity Security <[Only registered and activated users can see links]>
Product : Tritanium Bulletin Board 1.2.3
Source Message Contents :
- - - --------------------------------------------------------------------
Virginity Security Advisory 2003-002
- - - --------------------------------------------------------------------
DATE : 2003-10-31 22:59 GMT
TYPE : remote
VERSIONS AFFECTED : <== Tritanium Bulletin Board 1.2.3 ([Only registered and activated users can see links])
AUTHOR : Virginity
- - - --------------------------------------------------------------------
Description:
I found a security bug in Tritanium Bulletin Board:
Normal Users can read the content of Threads to which they have no access rights!
(and can answer to it which may be a problem if the internal forum has the right to insert
html code)
Author of the Software has been notified.
- - - --------------------------------------------------------------------
Example:
[Only registered and activated users can see links][target].com/[path]/index.php?faction=reply&thread_id=[ID OF THE THREAD TO
READ]&forum_id=[ID OF FORUM]&sid=[your sid]
Shows the window where The Attacker can answer to the topic and below that a window with the
content of the thread!!!
The Attacker can easily read all protected Threads since the thread_id is counted for every
forum newly so just put from 1 on upwards :-)
- - - --------------------------------------------------------------------
Date: 2003-11-03
Security-Corporation ID : SC-0724
Author : Virginity Security <[Only registered and activated users can see links]>
Product : Tritanium Bulletin Board 1.2.3
Source Message Contents :
- - - --------------------------------------------------------------------
Virginity Security Advisory 2003-002
- - - --------------------------------------------------------------------
DATE : 2003-10-31 22:59 GMT
TYPE : remote
VERSIONS AFFECTED : <== Tritanium Bulletin Board 1.2.3 ([Only registered and activated users can see links])
AUTHOR : Virginity
- - - --------------------------------------------------------------------
Description:
I found a security bug in Tritanium Bulletin Board:
Normal Users can read the content of Threads to which they have no access rights!
(and can answer to it which may be a problem if the internal forum has the right to insert
html code)
Author of the Software has been notified.
- - - --------------------------------------------------------------------
Example:
[Only registered and activated users can see links][target].com/[path]/index.php?faction=reply&thread_id=[ID OF THE THREAD TO
READ]&forum_id=[ID OF FORUM]&sid=[your sid]
Shows the window where The Attacker can answer to the topic and below that a window with the
content of the thread!!!
The Attacker can easily read all protected Threads since the thread_id is counted for every
forum newly so just put from 1 on upwards :-)
- - - --------------------------------------------------------------------