ipb.2.1-english.txt

08 Nov 2005 · Reported by Benjilenoob · Type: packetstorm · Source: packetstormsecurity.com

Fast translation of benji's Invision Power Board 2.1 advisory, low risk XS

Code
`Fast translation of benji's advisory  
*******************************************************************************  
  
Author : benjilenoob  
WebSite : http://benji.redkod.org/ and http://www.redkod.org/  
Audit in pdf : http://benji.redkod.org/audits/ipb.2.1.pdf  
  
Product : Invision power board  
Version : 2.1  
Risk : Low. XSS  
  
I- XSS non critical:  
--------------------  
  
1. Input passed to the $address variable isn't properly verified in  
the administrative section.  
This can be exploited by providing a valid login, and javascript  
code in the variable.  
The code will be executed in a user's browser session in context of  
an affected site.  
  
PoC:  
  
http://localhost/2p1p0b3/upload/admin.php?adsess=[xss]&act=login&code=login-complete  
  
  
This could be exploited to steal cookie information.  
  
2. Input passed to the "ACP Notes" textarea field in the administrative  
section isn't properly verified.  
This can be exploited to insert javascript code in the notes.  
The code will be executed in a user's browser session in context of  
an affected site.  
  
PoC:  
  
</textarea>'"/><script>alert(document.cookie)</script>  
  
3. Input passed to the "Member's Log In User Name", "Member's Display  
Name", "Email Address contains...", "IP Address contains...",  
"AIM name contains...", "ICQ Number contains...", "Yahoo! Identity  
contains...", "Signature contains...",  
"Less than n posts", "Registered Between (MM-DD-YYYY)", "Last Post  
Between (MM-DD-YYYY)" and  
"Last Active Between (MM-DD-YYYY)" members profiles parameters in the  
administrative section isn't properly verified.  
This can be exploited to insert javascript code.  
  
4. Non-permanent XSS:  
  
http://localhost/2p1p0b3/upload/admin.php?adsess=[id]&section=content&act=forum&code=new&name=[xss]  
  
5. Non-permanent XSS after administrative login:  
http://localhost/2p1p0b3/upload/admin.php?name=[xss]&description=[xss]  
  
6. Input passed to the "description" field of a "Component" in the  
"Components" section of the administrative section isn't properly verified.  
This can be exploited to insert javascript code.  
  
PoC:  
  
</textarea>'"/><script>alert()</script>  
  
7. Input passed to the "Member Name", "Password", "Email Address" fields  
of a new member's profile in the administrative section isn't properly  
verified.  
This can be exploited to insert javascript code.  
  
8. Input passed to the "Group Icon Image" field of a new Group in the  
administrative section isn't properly verified.  
This can be exploited to insert javascript code.  
  
9. Input passed to the "Calendar: Title" of a new Calendar in the  
administrative section isn't properly verified.  
This can be exploited to insert javascript code.  
  
Benji  
Team RedKod  
http://www.redkod.org/  
  
*******************************************************************************  
  
Regards,  
/JA  
  
http://www.securinfos.info  
  
`
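
The advisory's recurring finding is that values are written back into admin pages without output encoding. The following PHP sketch is an added example, not Invision Power Board code and not part of the advisory: it shows the textarea PoC string and the `adsess` parameter rendered inert. All function names are hypothetical, and the 32-hex-character session id format is an assumption.

```php
<?php
declare(strict_types=1);

// Added illustration, not Invision Power Board code. Function names are hypothetical.

/** Encode untrusted text for HTML element content and quoted attribute values. */
function h(string $value): string
{
    // ENT_QUOTES encodes both ' and ", so the value cannot close an attribute;
    // < and > are encoded, so it cannot close <textarea> or open <script>.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Stored case (items 2 and 6): render saved notes back into a textarea. */
function render_notes_textarea(string $storedNotes): string
{
    return '<textarea name="notes" rows="8" cols="60">' . h($storedNotes) . '</textarea>';
}

/** Reflected case (item 1): accept adsess only in the expected shape (assumed 32 hex chars). */
function clean_session_id(?string $raw): ?string
{
    if ($raw === null || preg_match('/\A[a-f0-9]{32}\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

/** Reflected case (items 4 and 5): echo a request-supplied name inside a link. */
function render_admin_link(?string $adsess, string $name): string
{
    $sid = clean_session_id($adsess);
    if ($sid === null) {
        return '<p>Invalid session.</p>';
    }
    // http_build_query percent-encodes each value; h() then encodes the
    // whole query string for the href attribute context (& becomes &amp;).
    $query = http_build_query(['adsess' => $sid, 'act' => 'forum', 'name' => $name]);
    return '<a href="admin.php?' . h($query) . '">' . h($name) . '</a>';
}

// Constructed inputs, using the PoC string quoted in the advisory.
$payload = '</textarea>\'"/><script>alert(document.cookie)</script>';
echo render_notes_textarea($payload), "\n";
echo render_admin_link('[xss]', $payload), "\n";
echo render_admin_link(str_repeat('a', 32), $payload), "\n";
```

With encoding applied at output, the payload appears as literal text inside the textarea and the link instead of terminating the element, and a malformed `adsess` value is rejected before it is ever echoed.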
