Invision Power Board HTTP Referer XSS

2004-10-06T04:32:22
ID OSVDB:10512
Type osvdb
Reporter Alexander Antipov (antipov@securityLab.ru)
Modified 2004-10-06T04:32:22

Description

Vulnerability Description

Invision Power Board contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the value of the HTTP Referer header when a request is submitted to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

GET /index.php?s=5875d919a790a7c429c955e4d65b5d54&act=Login&CODE=00 HTTP/1.0
Referer: "'/><script>alert()</script>
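
An added example, not Invision Power Board's code: one way the reflection described above can be closed, assuming the login page writes the Referer value into a hidden form field. The field name, the host `forum.example` and both function names are hypothetical.

```php
<?php
// Added illustration; not Invision Power Board source code.
// Assumption: the login page echoes the Referer header into a hidden form field.

// Vulnerable pattern: the header value goes into the attribute unencoded.
function render_referer_field_unsafe(string $referer): string
{
    return '<input type="hidden" name="referer" value="' . $referer . '" />';
}

// Hardened pattern: keep only same-host http(s) URLs, then HTML-encode on output.
function render_referer_field_safe(string $referer, string $ownHost): string
{
    $parts  = parse_url($referer);
    $scheme = is_array($parts) ? strtolower($parts['scheme'] ?? '') : '';
    $host   = is_array($parts) ? ($parts['host'] ?? '') : '';

    $sameSite = in_array($scheme, ['http', 'https'], true)
        && strcasecmp($host, $ownHost) === 0;

    // Anything that is not a same-site URL is replaced by a fixed default.
    $value = $sameSite ? $referer : '/index.php';

    // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
    return '<input type="hidden" name="referer" value="'
        . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '" />';
}

// Constructed inputs: the header value from the testing notes and a benign one.
$samples = [
    "\"'/><script>alert()</script>",
    'http://forum.example/index.php?act=idx&x="1"',
];

foreach ($samples as $referer) {
    echo "unsafe: ", render_referer_field_unsafe($referer), "\n";
    echo "safe:   ", render_referer_field_safe($referer, 'forum.example'), "\n\n";
}
```

The same-host check alone is not sufficient, because a same-site URL can still carry quote characters in its query string; the output encoding is what keeps the value inside the attribute.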

References:

Secunia Advisory ID: 12740
Other Advisory URL: http://www.ptsecurity.ru/advisory.asp
Nessus Plugin ID: 15425
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0100.html
ISS X-Force ID: 17604
CVE-2004-1578
Bugtraq ID: 11332