Ikonboard 3.1.1 multiple crossite scriptings

2002-12-09T00:00:00
ID SECURITYVULNS:DOC:3843
Type securityvulns
Reporter Securityvulns
Modified 2002-12-09T00:00:00

Description

Ikonboard 3.1.1

There are few ways to insert HTML tags into board content.

  1. Via Photo URL.

In profile user can set URL of photo. It's possible to insert URL like

javascript:alert(document.cookie)

Javascript will be triggered if someone accesses user's profile.

  1. Via X-Forwarded-For: header.

User's IPs are available for admin. If user accesses Ikonboard via Proxy, X-Forwarded-For: request header is seen instead of proxy IP. X-Forwarded-For is shown without filtering. Length is limited to 16 characters, but it's still possible do something interesting with 2 requests <script>/ and /<script>.

Vendor was contacted November, 29 with no reply.

-- http://www.security.nnov.ru /\_/\ { , . } |\ +--oQQo->{ ^ }<-----+ \ | ZARAZA U 3APA3A } +-------------o66o--+ / |/ You know my name - look up my number (The Beatles)