[32261] in bugtraq
Virginity Security Advisory 2003-002 : Tritanium Bulletin Board -
daemon@ATHENA.MIT.EDU (Virginity Security)
Fri Oct 31 17:51:44 2003
Date: 31 Oct 2003 21:59:44 -0000
Message-ID: <20031031215944.3041.qmail@sf-www1-symnsj.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Virginity Security <advisory@konfiweb.de>
To: bugtraq@securityfocus.com
- - - --------------------------------------------------------------------
Virginity Security Advisory 2003-002
- - - --------------------------------------------------------------------
DATE : 2003-10-31 22:59 GMT
TYPE : remote
VERSIONS AFFECTED : <== Tritanium Bulletin Board 1.2.3 (http://www.tritanium-scripts.com/)
AUTHOR : Virginity
- - - --------------------------------------------------------------------
Description:
I found a security bug in Tritanium Bulletin Board:
Normal Users can read the content of Threads to which they have no access rights!
(and can answer to it which may be a problem if the internal forum has the right to insert html code)
Author of the Software has been notified.
- - - --------------------------------------------------------------------
Example:
http://[target].com/[path]/index.php?faction=reply&thread_id=[ID OF THE THREAD TO READ]&forum_id=[ID OF FORUM]&sid=[your sid]
Shows the window where The Attacker can answer to the topic and below that a window with the content of the thread!!!
The Attacker can easily read all protected Threads since the thread_id is counted for every forum newly so just put from 1 on upwards :-)
- - - --------------------------------------------------------------------
Solution:
Hey sorry this time i had no time for a solution :-)
- - - --------------------------------------------------------------------
