BugTraq
SECURITY.NNOV: more Ikonboard 3.1.1 crossite scriptings Dec 09 2002 01:49PM
3APA3A (3APA3A SECURITY NNOV RU)

Ikonboard 3.1.1

There are few ways to insert HTML tags into board content.

1. Via Photo URL.

In profile user can set URL of photo. It's possible to insert URL like

javascript:alert(document.cookie)

Javascript will be triggered if someone accesses user's profile.

2. Via X-Forwarded-For: header.

User's IPs are available for admin. If user accesses Ikonboard via
Proxy, X-Forwarded-For: header is shown instead of proxy IP without
filtering. Length is limited to 16 characters, but it's still possible
do something interesting with 2 requests <script>/* and */<script>.

Vendor was contacted November, 29 with no reply.

--
http://www.security.nnov.ru
/\_/ { , . } |+--oQQo->{ ^ }<-----+ | ZARAZA U 3APA3A }
+-------------o66o--+ /
|/
You know my name - look up my number (The Beatles)

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus