Ikonboard 3.1.1
There are a few ways to insert HTML tags into board content.
In the profile, a user can set the URL of a photo. It's possible to insert a URL like
javascript:alert(document.cookie)
The JavaScript will be triggered when someone accesses the user's profile.
Users' IP addresses are available to the admin. If a user accesses Ikonboard via
a proxy, the X-Forwarded-For: request header is shown instead of the proxy IP.
X-Forwarded-For is shown without filtering. Length is limited to 16
characters, but it's still possible to do something interesting with 2
requests: <script>/* and */<script>.
The vendor was contacted on November 29, with no reply.
--
http://www.security.nnov.ru
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A }
+-------------o66o--+ /
|/
You know my name - look up my number (The Beatles)
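An added example, not part of the original advisory and not Ikonboard code: a Python sketch of the two server-side checks whose absence the advisory describes, a scheme allowlist for the profile photo URL and validation plus escaping of X-Forwarded-For before it is shown to the admin. Function names, the http/https allowlist and the sample addresses are assumptions made for illustration.

```python
import html
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: photos are only fetched over HTTP(S)
_LEADING_JUNK = "".join(map(chr, range(0x21)))  # C0 control characters and space


def safe_photo_url(raw):
    """Return the URL if it is an absolute http(s) URL, otherwise None."""
    # Browsers drop tab/CR/LF inside a URL and ignore leading whitespace,
    # so normalise the same way before looking at the scheme.
    cleaned = "".join(ch for ch in raw if ch not in "\t\r\n").strip(_LEADING_JUNK)
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return cleaned


def photo_tag(raw):
    """Render the profile photo; an accepted URL is still attribute-escaped."""
    url = safe_photo_url(raw)
    if url is None:
        return ""
    return '<img src="%s" alt="photo">' % html.escape(url, quote=True)


def client_ip_for_display(forwarded_for, peer_ip):
    """Choose the address shown to the admin without echoing the raw header.

    peer_ip is the socket address of the connection (assumed trustworthy);
    forwarded_for is the client-controlled X-Forwarded-For value or None.
    """
    candidate = forwarded_for.split(",")[0].strip() if forwarded_for else ""
    try:
        shown = str(ipaddress.ip_address(candidate))
    except ValueError:
        shown = peer_ip  # not an IP literal: a length cap alone would let it through
    return html.escape(shown, quote=True)


if __name__ == "__main__":
    # Constructed sample inputs; the header fragments are the ones quoted above.
    print(repr(photo_tag("javascript:alert(document.cookie)")))
    print(photo_tag("http://example.org/me.png"))
    for header in ("<script>/*", "*/<script>", "198.51.100.7, 10.0.0.1"):
        print(client_ip_for_display(header, "192.0.2.10"))
```

Both 16-character-safe fragments fail IP parsing, so the socket address is displayed instead; the length limit is not what stops them.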