NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2004-q1

[SA11053] Invision Power Board Cross-Site Scripting Vulnerabilities

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Mon Mar 08 2004 - 03:44:07 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Invision Power Board Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA11053

VERIFY ADVISORY:
http://secunia.com/advisories/11053/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
Invision Power Board 1.x

DESCRIPTION:
Rafel Ivgi has discovered multiple vulnerabilities in Invision Power
Board, allowing malicious people to conduct cross-site scripting
attacks.

The vulnerabilities are caused due to missing validation of input
passed to the "c", "showtopic", "f", "showuser", and "username"
parameters. These can be exploited to execute arbitrary HTML and
script code in a user's current browser session in context of a
vulnerable site.

Examples:
http://[host]/?c='><script>alert(document.domain)</script>
http://[host]/?showtopic='><script>alert(document.domain)</script>
http://[host]/?act=SR&f='><script>alert(document.cookie)</script>
http://[host]/?showuser='><script>alert(document.cookie)</script>
http://[host]/index.php?act=Reg&CODE=2&coppa_user=0&UserName='><script>alert(document.cookie)</script>

Successful exploitation may result in exposure of various information
(eg. cookie-based authentication information) associated with the
site running Invision Power Board or inclusion of malicious content,
which the user thinks is part of the real website.

The vulnerabilities have been reported in version 1.3 Final. Other
versions may also be affected.

SOLUTION:
Edit the source code to ensure that user input is properly
sanitised.

Use another product.

PROVIDED AND/OR DISCOVERED BY:
Rafel Ivgi

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]