what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

6kbbs 8.0 Cross Site Request Forgery

6kbbs 8.0 Cross Site Request Forgery
Posted Apr 5, 2015
Authored by Wang Jing

6kbbs versions 7.1 and 8.0 suffer from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 0c9e66cb755adde344147d02168225531320055d5a526a8ed1e3d9a9f0afe928

6kbbs 8.0 Cross Site Request Forgery

Change Mirror Download
*6kbbs v8.0 Multiple CSRF (Cross-Site Request Forgery) Security
Vulnerabilities*


Exploit Title: 6kbbs Multiple CSRF (Cross-Site Request Forgery) Security
Vulnerabilities
Vendor: 6kbbs
Product: 6kbbs
Vulnerable Versions: v7.1 v8.0
Tested Version: v7.1 v8.0
Advisory Publication: April 02, 2015
Latest Update: April 02, 2015
Vulnerability Type: Cross-Site Request Forgery (CSRF) [CWE-352]
CVE Reference: *
CVSS Severity (version 2.0):
CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 8.6
Writer and Reporter: Wang Jing [CCRG, Nanyang Technological University
(NTU), Singapore]







*Suggestion Details:*


*(1) Vendor & Product Description:*


*Vendor:*
6kbbs



*Product & Vulnerable Versions:*
6kbbs
v7.1
v8.0



*Vendor URL & download:*
6kbbs can be gain from here,
http://www.6kbbs.com/download.html
http://en.sourceforge.jp/projects/sfnet_buzhang/downloads/6kbbs.zip/



*Product Introduction Overview:*
"6kbbs V8.0 is a PHP + MySQL built using high-performance forum, has the
code simple, easy to use, powerful, fast and so on. It is an excellent
community forum program. The program is simple but not simple; fast, small;
Interface generous and good scalability; functional and practical pursuing
superior performance, good interface, the user's preferred utility
functions."

"1, using XHTML + CSS architecture, so that the structure of the page,
saving transmission static page code, but also easy to modify the
interface, more in line with WEB standards; 2, the Forum adopted Cookies,
Session, Application and other technical data cache on the forum, reducing
access to the database to improve the performance of the Forum. Can carry
more users simultaneously access; 3, the data points table function, reduce
the burden on the amount of data when accessing the database; 4, support
for multi-skin style switching function; 5, the use of RSS technology to
support subscriptions forum posts, recent posts, user's posts; 6, the
display frame mode + tablet mode, the user can choose according to their
own preferences to; 7. forum page optimization keyword search, so the forum
more easily indexed by search engines; 8, extension, for our friends to
provide a forum for a broad expansion of space services; 9, webmasters can
add different top and bottom of the ad, depending on the layout; 10, post
using HTML + UBB way the two editors, mutual conversion, compatible with
each other; ..."




*(2) Vulnerability Details:*
6kbbs web application has a security bug problem. It can be exploited by
CSRF (Cross-Site Request Forgery) attacks. This may allow an attacker to
trick the victim into clicking on the image to take advantage of the trust
relationship between the authenticated victim and the application. Such an
attack could trick the victim into creating files that may then be called
via a separate CSRF attack or possibly other means, and executed in the
context of their session with the application, without further prompting or
verification.

Several 6kbbs products 0-day vulnerabilities have been found by some other
bug hunter researchers before. 6kbbs has patched some of them. Open Sourced
Vulnerability Database (OSVDB) is an independent and open-sourced database.
The goal of the project is to provide accurate, detailed, current, and
unbiased technical information on security vulnerabilities. The project
promotes greater, open collaboration between companies and individuals. It
has published suggestions, advisories, solutions details related to 6kbbs
vulnerabilities.


*(2.1) *The first code programming flaw occurs at
"/portalchannel_ajax.php?" page with "&id" and &code" parameters in HTTP
$POST.

*(2.2) *The second code programming flaw occurs at "/admin.php?" page with
"&fileids" parameter in HTTP $POST.






*References:*
http://www.tetraph.com/security/csrf-vulnerability/6kbbs-v8-0-multiple-csrf-cross-site-request-forgery-security-vulnerabilities/
http://securityrelated.blogspot.com/2015/04/6kbbs-v80-multiple-csrf-cross-site.html
http://www.inzeed.com/kaleidoscope/computer-web-security/6kbbs-v8-0-multiple-csrf-cross-site-request-forgery-security-vulnerabilities/
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/6kbbs-v8-0-multiple-csrf-cross-site-request-forgery-security-vulnerabilities/
https://hackertopic.wordpress.com/2015/04/02/6kbbs-v8-0-multiple-csrf-cross-site-request-forgery-security-vulnerabilities/
http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=1&w=2
http://packetstormsecurity.com/files/authors/11270
http://www.osvdb.org/show/osvdb/105842
http://milw00rm.com/exploits/7889




--
Wang Jing,
Division of Mathematical Sciences (MAS),
School of Physical and Mathematical Sciences (SPMS),
Nanyang Technological University (NTU),
Singapore.
http://www.tetraph.com/wangjing/
https://twitter.com/justqdjing


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close