|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 139
Members: 0
Total: 139
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Multiple vulnerabilities in PMS for punBB, [NETSEC.LV SA#003 |
|
Posted: Fri Nov 12, 2004 9:21 pm |
|
|
g0df4th3r |
Advanced user |
|
|
Joined: Sep 22, 2004 |
Posts: 52 |
Location: LV |
|
|
|
|
|
|
Code: |
[NETSEC.LV SA#003]
Multiple vulnerabilities in Private Message System for punBB.
=====================
Author: Digital-X
E-Mail: dx_netsec [AT] yahoo [dot] com
Date: 11.11.2004
WWW: http:/www.netsec.lv/
=====================
Affected versions:
*Private Message System v1.1.3 and prior
A. XSS Vulnerability in message_send.php
http://punBB/message_send.php?tid=[XSS]
i.e.- http://punbb/message_send.php?tid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
This vulnerabilitie exist in message_send.php at line - 201.
A. Solution.
Open message_send.php, find line 201 and change this:
<?php echo $_GET['tid'] ?>
to this:
<?php echo intval($_GET['tid']) ?>
B. Arbitrary access to other Private Messages
http://punBB/message_send.php?quote=[ID]
i.e. - http://punBB/message_send.php?quote=10
B. Possible solution:
Open message_send.php, find line 174 and change this:
$result = $db->query('SELECT * FROM '.$db->prefix.'messages WHERE id='.$id)
to this:
$result = $db->query('SELECT * FROM '.$db->prefix.'messages WHERE id='.$id.' AND owner='.$cur_user['id'])
=====================
Vendor contacted no resronse yet
Greetz to Mandarins, g0df4th3r and waraxe
|
|
|
|
|
|
|
|
|
|
Posted: Sat Nov 13, 2004 5:39 pm |
|
|
LINUX |
Moderator |
|
|
Joined: May 24, 2004 |
Posts: 404 |
Location: Caiman |
|
|
|
|
|
|
Good work g0df4th3r Nice |
|
|
|
|
Posted: Sun Nov 14, 2004 3:13 am |
|
|
g0df4th3r |
Advanced user |
|
|
Joined: Sep 22, 2004 |
Posts: 52 |
Location: LV |
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> All other software
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|