AOH :: HP Unsorted I :: BU-1186.HTM

IPB v2.x up to 3.0.4 XSS vulnerability



IPB v2.x up to 3.0.4 XSS vulnerability
IPB v2.x up to 3.0.4 XSS vulnerability



[+] Invision Power Board XSS vulnerability

	Software : Invision Power Board (IPB)
	Affected : IPB v2.x up to v3.0.4 (prior versions might be vulnerable as well)
	Remote   : Yes
	Required : Internet Explorer +5.0
Vendor : http://www.invisionpower.com/ 
	Download : Commercially available
	Author   : Xacker
	Contact  : N/A
Blog : http://xacker.wordpress.com 
	Website  : N/A


[+] Technical details

	IP.Board is prone to XSS attacks through maliciously crafted *.txt
files attachments. An attacker has to convince a user to view the
malicious file in order to run the evil code.

	The only browser found affected is Internet Explorer +5.0, other
browsers (FF/Chrome/Opera..) seems to handle the issue correctly (or
simply blindly?)

	IP.Board v2.x set the MIME-type of *.txt files to
(application/x-dirview). If the *.txt file contains JavaScript/HTML it
will simply be parsed on IE +5.

	IP.Board v3.0.4 (and prior) seems to check the content of the files
before permitting them, tags like " , 


The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.