possible security vulnerability (Read 1,725 times)
BloodyRue
Re: possible security vulnerability
Reply #1 - Feb 12th, 2012 at 12:52pm
2.5 doesn't seem to do this. I don't get an email address from the error listed. But perhaps shutting off the forgotten password for the admin id with an if statement in the register or loginout pl files may fix that.
  

   
 
Bee Bay
possible security vulnerability
Feb 12th, 2012 at 11:27am
Hi, I hope this is the right place to post this, and that it is in fact useful for you.

Conditions Required

* mail sending mechanism requires from address
* from address is empty

Exploit

* logout if not already
* click Forgot password?
* enter admin as the User Id and click Send
* read the subsequent error message to get
** the email address of admin
** a link with which to change the admin's password to one of your choosing
* go back to Login and should be able to log in as admin


I discovered this by chance whilst helping out a friend with their YaBB2.3 installation.  I've only tested it on v2.3 and I couldn't replicate it on my own 2.3 install, presumably because it's on different hosting and thus using a different mail sending mechanism/settings.  Naturally we're avoiding it by entering valid email addresses in Admin Center > Advanced Settings > Email, but I thought I should mention it all the same.

For obvious reasons I don't want to provide our live example.  However, I have pasted the error text below.

cheers
Flo

Quote:
An Error Has Occurred!

Error: SMTP Error
The 'From' variable (sender address) is empty and is needed in the SMTP protocol

S:220 fiann.pair.com ESMTP Postfix
C:EHLO 127.0.0.1
S:250 fiann.pair.com -
S:250 PIPELINING -
S:250 SIZE 41943040 -
S:250 ETRN -
S:250 STARTTLS -
S:250 ENHANCEDSTATUSCODES -
S:250 8BITMIME -
S:250 DSN
C:MAIL FROM: <>
S:250 2.1.0 Ok
C:RCPT TO:
S:250 2.1.5 Ok
C:DATA
S:354 End data with .
C:To: ************@**********.com
C:Date: Sun, 12 Feb 2012 03:15:07 +0000
C:From: ***** Forum
C:X-Mailer: YaBB SMTP
C:Subject: Password ***** Forum: ********
C:Content-Type: text/plain; charset=ISO-8859-1
C:Dear ********, This reminder was requested by a visitor at ***** Forum. If you did not submit a request to reset your password, then please ignore this Email. Otherwise, go here to reset your password: [*** LINK REMOVED ***] Regards, The ***** Forum team
C:.
C:QUIT
  
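An added illustration of the mitigation side of this thread, not YaBB code and not written by either poster: refuse the reset when no sender address is configured, and on a mail failure show the visitor a fixed message while logging only a redacted SMTP trace. It is in Python rather than YaBB's Perl; `handle_reset_request`, `redact_transcript`, the `send` callback and the sample transcript are assumptions constructed for the example.

```python
import re

# Constructed transcript in the "S:"/"C:" debug format of the quoted error.
# Host, addresses and reset link are placeholders, not values from the thread.
SAMPLE = """S:220 mail.example.test ESMTP
C:MAIL FROM: <>
S:250 2.1.0 Ok
C:RCPT TO: <admin@example.test>
S:250 2.1.5 Ok
C:DATA
S:354 End data with <CR><LF>.<CR><LF>
C:To: admin@example.test
C:Subject: Password reminder
C:Reset your password here: https://forum.example.test/reset?token=PLACEHOLDER
C:.
C:QUIT"""

ADDR = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
GENERIC = "The reminder could not be sent. Please contact the forum administrator."

def redact_transcript(transcript):
    """Copy of an SMTP trace for server-side logs: message body dropped, addresses masked."""
    out, in_body = [], False
    for line in transcript.splitlines():
        if in_body:
            # Everything the client sent after the 354 reply is mail content
            # (headers, reset link); keep only the terminating dot.
            if line.strip() == "C:.":
                in_body = False
                out += ["C:[message content withheld]", line]
            continue
        out.append(ADDR.sub("[address]", line))
        if line.startswith("S:354"):
            in_body = True
    if in_body:  # trace ended mid-message
        out.append("C:[message content withheld]")
    return "\n".join(out)

def handle_reset_request(from_addr, send):
    """Return (text shown to the visitor, text for the server log or None).

    `send` is a hypothetical callable: send(from_addr) -> (ok, smtp_trace).
    """
    if not from_addr or not ADDR.fullmatch(from_addr):
        # Precondition from the report: never start the mail dialogue without a sender.
        return GENERIC, "reset refused: no valid sender address configured"
    ok, trace = send(from_addr)
    if ok:
        return "If that account exists, a reminder has been sent.", None
    return GENERIC, redact_transcript(trace)
```

The visitor-facing text is identical for every failure, so the error page carries neither the account's address nor the reset link.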