Invision Power Board 3.2.3 Cross Site Scripting

2012-03-15T00:00:00
ID PACKETSTORM:110841
Type packetstorm
Reporter Vasil A.
Modified 2012-03-15T00:00:00

Description

                                        
`Name : Cross-site scripting vulnerability in Invision Power Board version 3.2.3  
Software : Invision Power Board version 3.2.3  
Vendor Homepage : http://www.invisionpower.com  
Vulnerability Type : Cross-site scripting  
Researcher : Vasil A. xss@9y.com  
  
Description  
--------------------  
Invision Power Board (abbreviated IPB, IP.Board or IP Board) is an  
Internet forum software produced by Invision Power Services, Inc. It  
is written in PHP and primarily uses MySQL as a database management  
system, although support for other database engines is available.  
  
Details  
--------------------  
IP Board is affected by a Cross-site scripting vulnerability in version 3.2.3.  
  
An example PoC URL is as follows:  
  
http://example.com/forums/index.php?showforum=53"><script>with(document)alert(cookie)</script>  
  
Additional notes:  
1. If a forum contains sub-forums, this vulnerability does not exist.  
  
2. Most boards use the "Friendly URL style", but the attack can be  
performed by using the "legacy URL style" in the query, e.g.:  
  
http://example.com/forum/index.php?showforum=2"><script>alert(/xss/.source)</script>  
  
instead of:  
  
http://example.com/forum/index.php?/forum/2-example/  
  
Solution  
--------------------  
The vendor issued a patch for this vulnerability. Please see the references.  
  
Advisory Timeline  
--------------------  
10/03/2012 - First contact: Sent the vulnerability details  
12/03/2012 - Second contact: Asked for patch  
14/03/2012 - Vulnerability Fixed  
15/03/2012 - Vulnerability Released  
  
Credits  
-------------------  
This vulnerability was discovered while testing Netsparker, Web Application  
Security Scanner - http://www.mavitunasecurity.com/netsparker/.  
`
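
A detection check for the legacy-URL requests described under Details, given here as an added example that is not part of the original advisory or of Invision Power Board's code: it flags access-log requests whose showforum value is not a plain numeric ID. The numeric-ID expectation, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: showforum carries a numeric forum ID, as in the advisory's URLs.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")
# Request target inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines; the third carries the advisory's second PoC
# value, percent-encoded the way a browser would send it.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Mar/2012:10:00:01 +0000] '
    '"GET /forum/index.php?showforum=2 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [15/Mar/2012:10:00:05 +0000] '
    '"GET /forum/index.php?/forum/2-example/ HTTP/1.1" 200 5200',
    '198.51.100.9 - - [15/Mar/2012:10:01:12 +0000] '
    '"GET /forum/index.php?showforum=2%22%3E%3Cscript%3E'
    'alert(/xss/.source)%3C/script%3E HTTP/1.1" 200 5300',
]


def suspicious_showforum(log_line):
    """Return the decoded showforum value if it is not a plain numeric ID."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    # parse_qsl percent-decodes values, so encoded markup is seen in clear.
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key == "showforum" and not NUMERIC_ID.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_showforum(line)
        if value is not None:
            hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric showforum value {value!r}")
```

Friendly-URL requests carry no showforum parameter and are not flagged, so the check isolates the legacy-style requests the advisory describes.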