TBDev - Cross Site Scripting and HTML Injection Vulnerabilities

Version Affected: 01-01-2008 (16th January 2008) (newest)

Info: TBDEV.NET is a project to further enhance, update and develop a software (php peer-to-peer) from the original torrentbits/bytemonsoon source code.

Credits: InterN0T

External Links:
http://www.tbdev.net

-:: The Advisory ::-

Vulnerable Function / ID Calls: returnto

Cross Site Scripting: (Sysops / Mods Only!)
http://[HOST]/tbdev/tbdev-01-01-08/makepoll.php?returnto=>
http://[HOST]/tbdev/tbdev-01-01-08/polls.php?action=delete&pollid=1&returnto=>
<< is reflected locally only!

2) http://[HOST]/tbdev/tbdev-01-01-08/my.php -- Avatar field: javascript:alert(0)

2b) Affected Sites by HTML Injection:
http://[HOST]/tbdev/tbdev-01-01-08/userdetails.php?id=USERID

Internet Explorer 6 and perhaps 7 should be triggered by this.
Please see: http://ha.ckers.org/xss.html for more information.

Browser Tested: Internet Explorer 7 (Firefox 3 was tested for the other vulnerabilities)

-:: Solution ::-

Secure redirection calls with referer headers (just an example) and filter bad characters.

Conclusion:
This system was fun to find bad code in, it sure had a nice diversity of vulnerabilities.

Reference:
http://forum.intern0t.net/intern0t-advisories/1121-intern0t-tbdev-01-01-2008-multiple-vulnerabilities.html

Disclosure Information:
- Vulnerabilities found, researched and confirmed between 5th to 10th June.
- Advisory finished and published on InterN0T the 12th June.
- Vendor and Bugtraq (SecurityFocus) contacted the 12th June.

All of the best,
MaXe
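
One way to apply the Solution section's "filter bad characters" advice to the returnto parameter and the avatar field, as an added example that is not part of the original advisory or of TBDev's code. It uses an allow-list check instead of referer headers, and the helper names (safe_returnto, safe_avatar_url, h), the default path and the assumption that returnto only ever needs to carry a same-site path are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not TBDev code.

// Accept only a same-site relative path for a returnto-style parameter.
function safe_returnto(?string $value, string $default = '/index.php'): string
{
    if ($value === null || $value === '') {
        return $default;
    }
    // Reject control characters, backslashes, quotes and angle brackets.
    if (preg_match('/[\x00-\x1F\x7F\\\\<>"\']/', $value)) {
        return $default;
    }
    // Require a single leading "/": no scheme and no "//host" form.
    if ($value[0] !== '/' || substr($value, 0, 2) === '//') {
        return $default;
    }
    return $value;
}

// Accept only absolute http(s) URLs for the avatar field.
function safe_avatar_url(string $value): ?string
{
    $value = trim($value);
    if (preg_match('/[\x00-\x20\x7F<>"\']/', $value)) {
        return null;
    }
    $scheme = parse_url($value, PHP_URL_SCHEME);
    $host = parse_url($value, PHP_URL_HOST);
    if (!is_string($scheme) || !is_string($host) || $host === '') {
        return null;
    }
    return in_array(strtolower($scheme), ['http', 'https'], true) ? $value : null;
}

// Encode at output time, whatever validation ran earlier.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs (not taken from a real request).
foreach (['/polls.php', '"><b>x</b>', '//other.example/'] as $r) {
    printf("returnto %-20s -> %s\n", $r, h(safe_returnto($r)));
}
foreach (['http://img.example/a.png', 'javascript:alert(0)'] as $a) {
    printf("avatar   %-26s -> %s\n", $a, safe_avatar_url($a) ?? '(rejected)');
}
```

Validation on input and encoding on output are both needed: the first keeps the stored or redirected value within an expected shape, the second keeps any value that does get through from being parsed as markup on userdetails.php-style pages.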