t3_dbtools_seditio_plugin_CSRF
SECURITYVULNS:DOC:27973
Published: Apr 23, 2012
Source: vulners.com

======================================================================
Vulnerable software: T3 DB Tools Version 1.6 (seditio database management plugin).
Developed by: http://www.t3-design.com/t3-db-tools/ (MD5 sum of dbtools.rar: 8ab362601793e238f504783fd9953dd4)

Tested:
php.ini MAGIC_QUOTES_GPC OFF
Safe mode off
/*
OS: Windows XP SP2 (32 bit)
Apache: 2.2.21.0
PHP Version: 5.2.17.17
mysql> select version()
    -> ;
+-----------+
| version() |
+-----------+
| 5.5.21    |
+-----------+
*/

About software:

T3 DB Tools
T3 DB Tools is a seditio database management plugin.

Features:
– Backup all or selected tables of your seditio DB.
– Table information and schema.
– Browse tables (experimental)
– Drop, truncate tables.
– Option to export data, structure or both.
– Support for gzip, bzip2 compression of the backups.
– Restore database backup.
– Run custom sed queries.
– Extra security rights.
– Check, analyze, repair and optimize tables.
– Auto create the backup folder and the directory blocker protection.
– 100% ability to translate.
– Easy navigation and event reports.

Vulnerability Desc:
T3 DB Tools Version 1.6 is prone to a CROSS SITE REQUEST FORGERY vulnerability.
It reads its parameters from $_GET without any anti-CSRF token when performing the DANGEROUS truncate and drop operations on your database, so any request carrying the right parameters is executed with the logged-in administrator's privileges.
See:
http://cxsecurity.com/issue/WLB-2012040071 (seditio165 CSRF and remote access to db dump)
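
The pattern the advisory describes, beside a hardened equivalent, as an added illustration that is not T3 DB Tools code: function names (`dbtools_handle_request_vulnerable`, `dbtools_token`, `dbtools_check_token`, `dbtools_handle_request_hardened`, `dbtools_token_field`) are hypothetical, and a started session plus PHP 7 or later (`random_bytes`, `hash_equals`) is assumed.

```php
<?php
// Added illustration, not the plugin's own code. Names are hypothetical.
// Assumes session_start() has already run and PHP >= 7.

// VULNERABLE pattern: the destructive action and table name come straight
// from $_GET, and nothing proves the admin intended the request. Any page
// the admin's browser fetches can trigger it with a crafted URL.
function dbtools_handle_request_vulnerable(mysqli $db) {
    if (isset($_GET['action'], $_GET['table']) && $_GET['action'] === 'drop') {
        $table = $db->real_escape_string($_GET['table']);
        $db->query("DROP TABLE `$table`");   // state change on a plain GET
    }
}

// HARDENED: state changes only over POST, bound to a per-session secret
// the attacker's page can neither read (same-origin policy) nor guess.
function dbtools_token() {
    if (empty($_SESSION['dbtools_token'])) {
        $_SESSION['dbtools_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['dbtools_token'];
}

function dbtools_check_token($submitted) {
    // hash_equals compares in constant time and rejects non-string input;
    // a loose == would also accept type-juggled values such as true.
    return is_string($submitted)
        && isset($_SESSION['dbtools_token'])
        && hash_equals($_SESSION['dbtools_token'], $submitted);
}

function dbtools_handle_request_hardened(mysqli $db, array $allowed_tables) {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return false;                        // GET must never mutate the DB
    }
    if (!dbtools_check_token($_POST['token'] ?? null)) {
        http_response_code(403);             // missing or wrong token: refuse
        return false;
    }
    $action = $_POST['action'] ?? '';
    $table  = $_POST['table']  ?? '';
    if (!in_array($table, $allowed_tables, true)) {
        return false;                        // whitelist instead of interpolating input
    }
    if ($action === 'drop')     { return $db->query("DROP TABLE `$table`") !== false; }
    if ($action === 'truncate') { return $db->query("TRUNCATE TABLE `$table`") !== false; }
    return false;
}

// Hidden field the admin form must include so dbtools_check_token() can pass.
function dbtools_token_field() {
    return '<input type="hidden" name="token" value="'
         . htmlspecialchars(dbtools_token(), ENT_QUOTES) . '">';
}
```

The same check applies to every other destructive action the plugin exposes (restore, run custom query); the token is per session, so a forged request from another origin fails even if the victim is logged in.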

======================Workaround=======================================
A) If you find it in your administration section, uninstall it immediately.
To do so:
Go to /system/core/admin/
1st: back up the dbinc/ directory (copy it to your PC), then delete it.
2nd: back up admin.dbtools.inc.php too (copy it to your PC), then delete the admin.dbtools.inc.php file as well.
Or try to uninstall it from the Plugins section.
Secure the datas/backups directory by placing a .htaccess (deny from all) in it, or remove the datas/backups/ directory.
(Do not forget to back it up too.)
B) Do not install T3 DB Tools. (Otherwise one nice day it will drop/truncate your database tables.)

Note: Previous versions may also be affected, but this was not tested.

/AkaStep ^_^

Greetz to all:
packetstormsecurity.*,securityfocus.com,cxsecurity.com,security.nnov.ru,securtiyvulns.com and to all others!