History: Dec 09, 2002 - 12:00 a.m.

Ikonboard 3.1.1 multiple crossite scriptings

2002-12-09 00:00:00
vulners.com

Ikonboard 3.1.1

There are a few ways to insert HTML tags into board content.

  1. Via Photo URL.

In the profile, a user can set the URL of a photo. It's possible to insert a URL like

javascript:alert(document.cookie)

The JavaScript will be triggered whenever someone views the user's profile.

  2. Via X-Forwarded-For: header.

Users' IPs are visible to the admin. If a user accesses Ikonboard via a
proxy, the X-Forwarded-For: request header is shown instead of the proxy
IP. X-Forwarded-For is displayed without filtering. Its length is limited
to 16 characters, but it's still possible to do something interesting
with 2 requests: <script>/* and */<script>.
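Both issues above come down to displaying user-controlled values (a profile URL, a proxy header) unfiltered. The following is added example code, not Ikonboard's own, showing the server-side checks that close them: allow-list the photo URL scheme (rejecting javascript: even when disguised with embedded whitespace or case changes) and treat X-Forwarded-For as data that must parse as an IP address before an admin ever sees it. Function names and the sample values are assumptions for this illustration.

```python
"""Hardening for the two Ikonboard 3.1.1 XSS vectors (example code)."""
import html
import ipaddress
import re
from urllib.parse import urlsplit

# Only these schemes may appear in a profile photo URL.
ALLOWED_SCHEMES = {"http", "https"}


def is_safe_photo_url(url: str) -> bool:
    """True only if the URL carries an allow-listed scheme and a host."""
    # Remove ASCII control characters and whitespace first: browsers skip
    # them when resolving a scheme, so "java\tscript:" still executes.
    cleaned = re.sub(r"[\x00-\x20\x7f]", "", url)
    parts = urlsplit(cleaned)
    # Scheme-less, relative or protocol-relative ("//host") values are
    # rejected rather than guessed at; a deny-list of bad schemes is not used.
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def render_photo_tag(url: str) -> str:
    """Return the <img> markup for a profile photo, or '' if unsafe."""
    if not is_safe_photo_url(url):
        return ""
    # Even an allow-listed URL is attribute-escaped so quotes or angle
    # brackets in it cannot break out of the src attribute.
    return '<img src="%s" alt="photo">' % html.escape(url, quote=True)


def display_forwarded_for(header_value: str) -> str:
    """Return the first X-Forwarded-For hop if it is a real IP, else a marker.

    The header is attacker-controlled. Requiring it to parse as an IP
    address defeats both a single <script> payload and the two-request
    split ("<script>/*" then "*/<script>") used to beat the 16-char limit.
    """
    first = header_value.split(",")[0].strip()
    try:
        addr = ipaddress.ip_address(first)
    except ValueError:
        return "(invalid)"
    # A parsed address contains no HTML metacharacters; escaping is kept
    # as defence in depth for any future change to the output format.
    return html.escape(str(addr))
```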

The vendor was contacted on November 29 with no reply.


http://www.security.nnov.ru
3APA3A (ZARAZA)
You know my name - look up my number (The Beatles)