
ikonboard CSS vulnerability leading to admin access
21st Mar 2002 [SBWID-5196]
COMMAND

	ikonboard CSS vulnerability leading to admin access

SYSTEMS AFFECTED

	3.0.1, 3.0.2, 3.0.3

PROBLEM

	Maxspeed found that ikonboard, a web BBS program, is vulnerable to
	cross-site scripting, permitting a malicious attacker to access the
	admin panel and thereby gain admin rights.
	

	The problem is in the way [img] tags are checked for "http://". The
	[img] tag is checked for "http://" when you post a new topic, but the
	check is not performed when you edit one. So malicious code can be
	inserted into a post while editing it.
	

	Proof of concept:
	

	Make a new post, then "EDIT" the post and insert this code in the
	body of the post:

	[IMG]javascript:alert(document.cookie)[/IMG]

	An alert box should pop up displaying your cookies!

SOLUTION

	Make [IMG] tags check for "http://" when editing a post.
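	The fix above, as an added illustration that is not ikonboard's code: the
	new-post and edit paths share one validator, the validator parses the URL
	scheme instead of testing for the literal "http://" prefix (which also lets
	https through and rejects lookalikes with embedded tabs or newlines), and a
	render-time filter acts as a second layer. The names Board, safe_img_url
	and render_bbcode are hypothetical.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed illustration (not ikonboard's code) of the bug class above: an
# [img] URL must be validated the same way on every write path, and again at
# render time, so an edit cannot bypass a check that only "new post" runs.
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)
ALLOWED_SCHEMES = {"http", "https"}

def safe_img_url(url: str) -> bool:
    """True only for absolute http(s) URLs with a host. Parses the scheme
    rather than testing a string prefix, so javascript:, data: and scheme-less
    values fail; embedded whitespace/control characters fail as well."""
    url = url.strip()
    if not url or any(ord(c) < 0x21 for c in url):
        return False
    parts = urlsplit(url)
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)

def render_bbcode(body: str) -> str:
    """Output filter: escape all text, emit <img> only for vetted URLs."""
    out, pos = [], 0
    for m in IMG_TAG.finditer(body):
        out.append(html.escape(body[pos:m.start()]))
        url = m.group(1).strip()
        if safe_img_url(url):
            out.append('<img src="%s">' % html.escape(url, quote=True))
        else:
            out.append("[img removed: unsupported URL]")
        pos = m.end()
    out.append(html.escape(body[pos:]))
    return "".join(out)

class Board:
    """Hypothetical post store: new_post and edit_post share one validator."""
    def __init__(self):
        self.posts = {}
    def _validate(self, body: str) -> None:
        for m in IMG_TAG.finditer(body):
            if not safe_img_url(m.group(1)):
                raise ValueError("rejected [img] URL: %r" % m.group(1).strip())
    def new_post(self, pid: int, body: str) -> None:
        self._validate(body)
        self.posts[pid] = body
    def edit_post(self, pid: int, body: str) -> None:
        self._validate(body)  # same check as new_post; editing is not exempt
        self.posts[pid] = body
```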
