Invision Power Board moderate.php Arbitrary Code Execution

2006-05-17T13:47:36
ID OSVDB:25667
Type osvdb
Reporter GulfTech Research And Development()
Modified 2006-05-17T13:47:36

Description

Vulnerability Description

Invision Power Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not properly validate the 'df' variable in a "preg_replace()" call in the action_public/moderate.php script. This could allow a user to inject and execute arbitrary PHP code via the "e" pattern modifier, leading to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, vendor has released a patch to address this vulnerability.

Short Description

Invision Power Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not properly validate the 'df' variable in a "preg_replace()" call in the action_public/moderate.php script. This could allow a user to inject and execute arbitrary PHP code via the "e" pattern modifier, leading to a loss of integrity.

References:

Vendor Specific News/Changelog Entry: http://forums.invisionpower.com/index.php?showtopic=215527 Secunia Advisory ID:20158 Related OSVDB ID: 25668 Mail List Post: http://attrition.org/pipermail/vim/2006-May/000776.html Keyword: 21012.60516.s. ISS X-Force ID: 26541 FrSIRT Advisory: ADV-2006-1859 CVE-2006-2498 Bugtraq ID: 18040