YaBB Community and Support Forum
possible security vulnerability (Read 1,093 times)
 Feb 12th, 2012 at 11:27am
Bee Bay 
possible security vulnerability
Hi, I hope this is the right place to post this, and that it is in fact useful for you.

Conditions Required

* mail sending mechanism requires from address
* from address is empty

Exploit

* logout if not already
* click Forgot password?
* enter admin as the User Id and click Send
* read the subsequent error message to get
** the email address of admin
** a link with which to change the admin's password to one of your choosing
* go back to Login and should be able to log in as admin


I discovered this by chance whilst helping out a friend with their YaBB2.3 installation. I've only tested it on v2.3 and I couldn't replicate it on my own 2.3 install, presumably because it's on different hosting and thus using a different mail sending mechanism/settings. Naturally we're avoiding it by entering valid email addresses in Admin Center > Advanced Settings > Email but I thought I should mention it all the same.

For obvious reasons I don't want to provide our live example.  However, I have pasted the error text below.

cheers
Flo

Quote:
An Error Has Occurred!

Error: SMTP Error
The 'From' variable (sender address) is empty and is needed in the SMTP protocol

S:220 fiann.pair.com ESMTP Postfix
C:EHLO 127.0.0.1
S:250 fiann.pair.com -
S:250 PIPELINING -
S:250 SIZE 41943040 -
S:250 ETRN -
S:250 STARTTLS -
S:250 ENHANCEDSTATUSCODES -
S:250 8BITMIME -
S:250 DSN
C:MAIL FROM: <>
S:250 2.1.0 Ok
C:RCPT TO:
S:250 2.1.5 Ok
C:DATA
S:354 End data with .
C:To: ************@**********.com
C:Date: Sun, 12 Feb 2012 03:15:07 +0000
C:From: ***** Forum
C:X-Mailer: YaBB SMTP
C:Subject: Password ***** Forum: ********
C:Content-Type: text/plain; charset=ISO-8859-1
C:Dear ********, This reminder was requested by a visitor at ***** Forum. If you did not submit a request to reset your password, then please ignore this Email. Otherwise, go here to reset your password: [*** LINK REMOVED ***] Regards, The ***** Forum team
C:.
C:QUIT
 
 
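The leak reported above comes from the password-reminder error page echoing the SMTP transcript, which contains the recipient address and the reset link. A sketch of handling that avoids it, as an added example that is not part of the thread and not YaBB's own code: `request_reset`, the `%cfg` keys and the transport callback are hypothetical names, and the addresses and token are constructed.

```perl
#!/usr/bin/perl
# Added example; every name here is hypothetical, none is YaBB's own code.
use strict;
use warnings;

# Returns the only text the unauthenticated requester may see. It is the same
# in every branch, so the page reveals neither addresses, links nor whether
# the user exists. $cfg->{send} is the mail transport: ($ok, $transcript).
sub request_reset {
    my ($cfg, $user, $log_fh) = @_;
    my $shown = 'If that account exists, a reset message has been sent.';

    # 1. Check the sender address before any token or mail body is built.
    my $from = defined $cfg->{from} ? $cfg->{from} : '';
    if ($from !~ /\A[^\s<>\@]+\@[^\s<>\@]+\z/) {
        print {$log_fh} "reset refused: sender address not configured\n";
        return $shown;
    }
    my $to = $cfg->{users}{$user} or return $shown;

    my $link = "$cfg->{base_url}?token=CONSTRUCTED-TOKEN";
    my ($ok, $transcript) = $cfg->{send}->($from, $to, "Reset: $link");

    # 2. A failed send is logged server-side; the transcript holds the
    #    recipient address and the reset link, so it never reaches the page.
    print {$log_fh} "mail send failed:\n$transcript" if !$ok;
    return $shown;
}

# Constructed demo: a transport that always fails and returns its transcript.
my $failing = sub {
    my ($from, $to, $body) = @_;
    return (0, "C:MAIL FROM: <$from>\nC:RCPT TO: <$to>\nC:$body\n");
};
my %cfg = (from => '', base_url => 'https://forum.example/YaBB.pl',
           users => { admin => 'admin@forum.example' }, send => $failing);

my $log = '';
open my $fh, '>', \$log or die "cannot open in-memory log: $!";
my $empty_from = request_reset(\%cfg, 'admin', $fh);   # stopped at step 1
$cfg{from} = 'noreply@forum.example';
my $smtp_down  = request_reset(\%cfg, 'admin', $fh);   # stopped at step 2
close $fh;

for my $page ($empty_from, $smtp_down) {
    die "leak on page" if $page =~ /token=|\@forum\.example/;
}
print "page:  $smtp_down\nlog:\n$log";
```

Running it prints the generic page text followed by the server-side log, which is the only place the transcript with the address and link appears.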
 Reply #1 - Feb 12th, 2012 at 12:52pm

BloodyRue 
Re: possible security vulnerability
2.5 doesn't seem to do this. I don't get an email address from the error listed, but perhaps shutting off the forgotten password for the admin id with an if statement in the register or loginout pl files may fix that.
 