Invision Power Board search.php lastdate Variable Arbitrary PHP Code Execution

2006-04-25T08:32:36
ID OSVDB:25005
Type osvdb
Reporter Wells(), IceShaman()
Modified 2006-04-25T08:32:36

Description

Vulnerability Description

Invision Power Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not properly validate the 'lastdate' variable in a "preg_replace()" call in the search.php script. This could allow a user to inject and execute arbitrary PHP code via the "e" pattern modifier, leading to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

Short Description

Invision Power Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not properly validate the 'lastdate' variable in a "preg_replace()" call in the search.php script. This could allow a user to inject and execute arbitrary PHP code via the "e" pattern modifier, leading to a loss of integrity.

References:

Vendor Specific News/Changelog Entry: http://forums.invisionpower.com/index.php?showtopic=213374 Secunia Advisory ID:19830 Related OSVDB ID: 25006 Related OSVDB ID: 25007 Related OSVDB ID: 25008 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0522.html ISS X-Force ID: 26070 Generic Exploit URL: http://www.digitalsec.es/stuff/explt+advs/invvy-v2.pl FrSIRT Advisory: ADV-2006-1534 CVE-2006-2059 Bugtraq ID: 17695