Home » 2009 » December » 10 » IPB v2.x up to 3.0.4 XSS vulnerability
1:55 PM
IPB v2.x up to 3.0.4 XSS vulnerability
[+] Invision Power Board XSS vulnerability

       Software : Invision Power Board (IPB)
       Affected : IPB v2.x up to v3.0.4 (prior versions might be vulnerable as well)
       Remote   : Yes
       Required : Internet Explorer +5.0
       Vendor   : http://www.invisionpower.com/
       Download : Commercially available
       Author   : Xacker
       Contact  : N/A
       Blog     : http://xacker.wordpress.com
       Website  : N/A


[+] Technical details

       IP.Board is prone to XSS attacks through maliciously crafted *.txt
files attachments. An attacker has to convince a user to view the
malicious file in order to run the evil code.

       The only browser found affected is Internet Explorer +5.0, other
browsers (FF/Chrome/Opera..) seems to handle the issue correctly (or
simply blindly?)

       IP.Board v2.x set the MIME-type of *.txt files to
(application/x-dirview). If the *.txt file contains JavaScript/HTML it
will simply be parsed on IE +5.

       IP.Board v3.0.4 (and prior) seems to check the content of the files
before permitting them, tags like "<body> , <script> , etc.." are
flagged *dangerous* any file containing any of them simply fail to be
uploaded. The filter itself is weak, to escape it I provide a
proof-of-concept code below.


[+] Exploit

       ------------------------------
--->8---------------------------------
       <span onmouseover="javascript:alert('XSS');function
fakeLoginPage(){...}">move your mouse pointer here</span>
       ---------------------------------8<---------------------------------

       fakeLoginPage() function can be used to rewrite the whole page,
faking a login page through an embedded iframe.


[+] Fix

       Simply change MIME-type of *.txt files (and any other similar
formats) to (text/plain).


[+] Note

       IP.Board technical staff has been notified of the issue and a fix has
been released couple of days ago:
       http://community.invisionpower.com/topic/300051-invision-power-board-305-released/
Views: 53386 | Added by: b1zz4rd | Rating: 0.0/0
Total comments: 1071 2 3 ... 10 11 »
107  
Hi new blog
http://titties.picrobot.xyz/?post-sydney
free downloads adult porn porn star studio arizona address jax beach porn tentical porn hentai best free porn 10

106  
Started untrodden spider's web stand out
http://euro.tits.epornstar.xyz/?entry-jimena
enema teen porn free porn tube enema explosion top best porn sites nicole moorejew porn stacy adams porn video

105  
Hi supplementary website
http://engines.telrock.org/?entry-meagan
online watched porn soft porn streaming old amateur home free porn videos free big busty threesome porn free midget porn tgp

104  
Started unusual spider's web predict
http://kitty.cat.vedomosti.xyz/?post.myra
1950 classic porn porn abbit porn sharia free lesbian action porn office girls girls doing porn

103  
New devise
http://boobs.teenax.xyz/?post-nyla
top ratdd vintage tube porn sites 3g free porn girl fucking dog sick porn tgp soft porn moies pro images porn

102  
Study my altered contract
http://bbw.girls.porngalleries.top/?post.mandy
youtube format gay porn ayler lie porn intporn hot blondes in porn mum and son porn video plastic knickers free porn photos

101  
Hi reborn website
http://chubby.feed.bdsmsex.top/?entry.kiana
porn stars of spain nasty porn compilations free cute little porn pics bbw nasty porn vidoes hawaiian girl porn

100  
My contemporary time
http://titties.picrobot.xyz/?post-melina
what is a good porn movie free lol porn kianna porn tube pokemon porn of may dutch wife swap video porn

99  
http://www.ti-auto.ru/ - твари ломают машины
[b]info@ti-auto.ru[/b]

98  
Really Gr8 ! Thanks For sharing..

1-10 11-20 21-30 ... 91-100 101-107
Name *:
Email *:
Code *: