
Invision Power Board - stored Cross site Scripting






[MajorSecurity SA-069] Invision Power Board - stored Cross site Scripting

Details
=======
Product: Invision Power Board
Security-Risk: moderate
Remote-Exploit: yes
Vendor-URL: http://www.invisionpower.com
Vendor-Status: informed
Advisory-Status: published

Credits
============
Discovered by: David Vieira-Kurz
http://www.majorsecurity.info/penetrationstest.php


Affected Products:
----------------------------
Invision Power Board 3.0.5 and prior

Introduction
============
Invision Power Board is a widely used forums script.

More Details
============
Input passed to the calendar app (one of the core modules of Invision Power Board) is not properly sanitised before being stored and returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
The calendar can be shown on every page of the board, which makes this a serious security issue.
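
The pattern described above, as an added example (not code from Invision Power Board or from the advisory): a hypothetical calendar widget renders stored event titles, first without and then with output encoding. All function names, the URL path and the sample rows are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for event titles already stored
// by a calendar module (hypothetical schema, not the product's own).
$events = [
    ['id' => 1, 'title' => 'Team meeting'],
    ['id' => 2, 'title' => '<script>alert(1)</script>'],
    ['id' => 3, 'title' => 'Launch" onmouseover="alert(1)'],
];

// Vulnerable pattern: the stored title is concatenated into markup
// unchanged, so it is parsed as HTML on every page showing the widget.
function render_event_unsafe(array $e): string
{
    return '<a href="/calendar/event/' . $e['id'] . '" title="' . $e['title'] . '">'
         . $e['title'] . '</a>';
}

// Encode for the HTML context at output time. ENT_QUOTES covers both
// quote styles, which matters for the title="..." attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored value is encoded where it is emitted,
// and the id is forced to an integer before it reaches the URL.
function render_event_safe(array $e): string
{
    return '<a href="/calendar/event/' . (int) $e['id'] . '" title="' . h($e['title']) . '">'
         . h($e['title']) . '</a>';
}

// Audit helper for rows stored before the fix: a title that changes
// when encoded contains HTML-significant characters and needs review.
function needs_review(array $e): bool
{
    return h($e['title']) !== $e['title'];
}

foreach ($events as $e) {
    printf("%d review=%s\n  unsafe: %s\n  safe:   %s\n",
        $e['id'], needs_review($e) ? 'yes' : 'no',
        render_event_unsafe($e), render_event_safe($e));
}
```

Rows 2 and 3 are flagged for review; in the safe output their titles appear as inert text in both the element body and the attribute.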

Solution
=============
Web applications should never trust user-generated input and should therefore sanitize all input.

MajorSecurity
================
MajorSecurity is a German penetration testing and security research company which focuses
on web application security. We offer professional penetration tests, security audits,
and source code reviews.
