25C3-CTF


Advisory #64

From team h4ck!nb3rg

New advisory by: churchy
Affected service(s): ultrashare
Severity [lmh]: low


Ok, this vuln is sooo severe that it's the end of the app as we know it :)

===== Problem =====
There is a principal design error throughout the whole application: it is vulnerable to XSRF (cross-site request forgery) attacks. If an attacker can convince the attacked person (e.g. the admin) to click on a link or visit a prepared site, the victim's browser sends the forged request together with the victim's session cookie, so the attacker can execute actions in the name of the affected user, for example delete users or files. The root cause is the lack of a temporary session parameter (an anti-CSRF token) that is used beside, and independently from, the session id (cookie): the cookie alone is not proof that the user intended the request.

===== Impact =====
As described above (delete users and files).


===== Fix =====
The fix must be implemented generally for all pages where a login is necessary, so a fix in the form of code can hardly be given. We hope that it is counted nonetheless, as it is a vuln that "professional sites" like banking sites etc. should not be vulnerable to.

You should implement an additional temporary session parameter (e.g. a random token in addition to the cookie) that changes every time you access a certain page and is checked on every state-changing request. An attacker can then not prepare a link or form that the victim submits automatically, because the token is only contained in pages served to the victim and cannot be read from another origin. State-changing actions such as deleting users or files should also not be reachable via a plain GET link, only via a POST form carrying the token.
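The following is an added illustration of the fix described above, not code from the ultrashare service or from the advisory's authors. It models a toy file-sharing app in memory (the session store, file table and handler names are assumptions for the example): a delete handler that trusts only the session cookie, the same handler hardened with a one-time token that is minted when the delete page is rendered, and a forged request that carries the victim's cookie but no token.

```python
import hmac
import secrets

# Hypothetical in-memory state for a toy file-sharing app (assumption: the
# real ultrashare code is not on the page; this stands in for it).
SESSIONS = {}   # session_id -> {"user": ..., "csrf_tokens": set()}
FILES = {"report.pdf": "admin", "cat.jpg": "bob"}   # constructed sample data


def login(user):
    """Create a session and return the session id the browser keeps in a cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_tokens": set()}
    return sid


def render_delete_form(sid):
    """Server side of loading the delete page: mint a fresh one-time token
    bound to this session and embed it in the form as a hidden field.
    The token changes on every page access, as the advisory suggests."""
    token = secrets.token_urlsafe(32)
    SESSIONS[sid]["csrf_tokens"].add(token)
    return {"hidden_csrf_token": token}


def delete_file_vulnerable(cookie_sid, form):
    """Before: authorizes on the session cookie alone. The browser attaches
    that cookie to a cross-site request automatically, so this is XSRF-able."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return "login required"
    FILES.pop(form["filename"], None)
    return "deleted"


def delete_file_fixed(cookie_sid, form):
    """After: additionally requires a token that only a page served to this
    user could contain; the attacker's site cannot read it cross-origin."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return "login required"
    supplied = form.get("csrf_token", "")
    # Constant-time comparison against the outstanding tokens of this session.
    match = next(
        (t for t in session["csrf_tokens"] if hmac.compare_digest(t, supplied)),
        None,
    )
    if match is None:
        return "csrf check failed"
    session["csrf_tokens"].discard(match)  # one-time use: a replay is rejected
    FILES.pop(form["filename"], None)
    return "deleted"


def forged_request(cookie_sid):
    """What an attacker's prepared page can submit on the victim's behalf:
    the victim's cookie rides along, but the form fields are the attacker's."""
    return cookie_sid, {"filename": "report.pdf"}


def demo():
    """Run the four scenarios and return their outcomes keyed by name."""
    results = {}
    FILES["report.pdf"] = "admin"
    admin_sid = login("admin")

    # 1. Vulnerable handler: the forged request succeeds.
    sid, form = forged_request(admin_sid)
    results["vulnerable"] = delete_file_vulnerable(sid, form)
    FILES["report.pdf"] = "admin"          # restore for the next scenario

    # 2. Fixed handler: the forged request has no token and is refused.
    results["forged_vs_fixed"] = delete_file_fixed(sid, form)

    # 3. Fixed handler: the real user loaded the form, so the token is present.
    token = render_delete_form(admin_sid)["hidden_csrf_token"]
    results["legit_vs_fixed"] = delete_file_fixed(
        admin_sid, {"filename": "report.pdf", "csrf_token": token})

    # 4. Replaying the consumed token fails, even with a valid cookie.
    results["replay"] = delete_file_fixed(
        admin_sid, {"filename": "cat.jpg", "csrf_token": token})
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The token is stored server-side and bound to the session, so stealing or guessing the session id is not enough; an attacker would also have to read a page served to the victim, which the browser's same-origin policy prevents. A per-session token that is not rotated would also stop the forged request; the one-time variant above follows the advisory's "changes every time you access a certain site" wording.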


PS: We are havin' Pizza now, we will be back in 20min :)



Rating

[4] Cool. I was not aware of this bug


