Lucene search
ipb.2.1-english.txt
Fast translation of benji's Invision Power Board 2.1 advisory, low risk XS
Show more
`Fast translation of benji's advisory
*******************************************************************************
Author : benjilenoob
WebSite : http://benji.redkod.org/ and http://www.redkod.org/
Audit in pdf : http://benji.redkod.org/audits/ipb.2.1.pdf
Product : Invision power board
Version : 2.1
Tisk : Low. XSS
I- XSS non critical:
--------------------
1. Input passed to the $address variable isn't properly verified in
the administrative section.
This can be exploited by providing a valid login, and javascript
code in the variable.
The code will be executed in a user's browser session in context of
an affected site.
PoC:
http://localhost/2p1p0b3/upload/admin.php?adsess=[xss]&act=login&code=login-complete
This could be exploited to steal cookie information.
2. Input passed to the "ACP Notes" textarea field in the administrative
section isn't properly verified.
This can be exploited to insert javascript code in the notes.
The code will be executed in a user's browser session in context of
an affected site.
PoC:
</textarea>'"/><script>alert(document.cookie)</script>
3. Input passed to the "Member's Log In User Name", "Member's Display
Name", "Email Address contains...", "IP Address contains...",
"AIM name contains...", "ICQ Number contains...", "Yahoo! Identity
contains...", "Signature contains...",
"Less than n posts", "Registered Between (MM-DD-YYYY)", "Last Post
Between (MM-DD-YYYY)" and
"Last Active Between (MM-DD-YYYY)" members profiles parameters in the
administrative section isn't properly verified.
This can be exploited to insert javascript code.
4. Non-permanent XSS:
http://localhost/2p1p0b3/upload/admin.php?adsess=[id]§ion=content&act=forum&code=new&name=[xss]
5. Non-permanent XSS after administrative login:
http://localhost/2p1p0b3/upload/admin.php?name=[xss]&description=[xss]
6. Input passed to the "description" field of a "Component" in the
"Components" section of the administrative section isn't properly verified.
This can be exploited to insert javascript code.
PoC:
</textarea>'"/><script>alert()</script>
7. Input passed to the "Member Name", "Password", "Email Address" fields
of a new member's profile in the administrative section isn't properly
verified.
This can be exploited to insert javascript code.
8. Input passed to the "Group Icon Image" field of a new Group in the
administrative section isn't properly verified.
This can be exploited to insert javascript code.
9. Input passed to the "Calendar: Title" of a new Calendar in the
administrative section isn't properly verified.
This can be exploited to insert javascript code.
Benji
Team RedKod
http://www.redkod.org/
*******************************************************************************
Regards,
/JA
http://www.securinfos.info
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo08 Nov 2005 00:00Current
7.4High risk
Vulners AI Score7.4