
SECURITY.NNOV: more Ikonboard 3.1.1 cross-site scriptings



----- Original Message ----- 
From: "3APA3A" <3APA3A@SECURITY.NNOV.RU>
To: "bugtraq" <bugtraq@SECURITY.NNOV.RU>; <bugtraq@securityfocus.com>
Sent: Monday, December 09, 2002 5:49 AM
Subject: SECURITY.NNOV: more Ikonboard 3.1.1 cross-site scriptings


> 
> Ikonboard 3.1.1
> 
>   There are a few ways to insert HTML tags into board content.
> 
>   1. Via Photo URL.
> 
>   In the profile, a user can set the URL of a photo. It's possible to insert a URL like
> 
>   javascript:alert(document.cookie)
> 
>   Javascript will be triggered if someone accesses the user's profile.
> 
>   2. Via X-Forwarded-For: header.
> 
>   Users' IPs are available to the admin. If a user accesses Ikonboard via
>   a proxy, the X-Forwarded-For: header is shown instead of the proxy IP,
>   without filtering. Length is limited to 16 characters, but it's still
>   possible to do something interesting with 2 requests: <script>/* and */<script>.
> 
> The vendor was contacted on November 29 with no reply.
>   
> -- 
> http://www.security.nnov.ru
>          /\_/\
>         { , . }     |\
> +--oQQo->{ ^ }<-----+ \
> |  ZARAZA  U  3APA3A   }
> +-------------o66o--+ /
>                     |/
> You know my name - look up my number (The Beatles)
> 
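
Both issues above have the same root cause: user-controlled strings (a profile URL, a request header) are written into HTML without validation or escaping, and in the second case a 16-character length limit is relied on as if it were a filter. The following is an added example of the defender-side fixes, written here in Python; it is not Ikonboard code (Ikonboard is a Perl application) and the function names, the sample rows and the addresses are constructed for illustration. It shows a photo-URL check that accepts only `http`/`https` URLs (rejecting `javascript:` in any casing, with or without embedded control characters), and an admin IP display that only trusts a syntactically valid IP literal from `X-Forwarded-For`, falling back to the TCP peer address otherwise, and HTML-escapes whatever it shows, so that two truncated fragments such as `<script>/*` and `*/<script>` cannot be reassembled into markup.

```python
import html
import ipaddress
import re
from typing import Iterable, Optional, Tuple
from urllib.parse import urlsplit

# Schemes a user-supplied photo URL may use. Anything else (javascript:,
# data:, vbscript:, ...) is rejected outright rather than "cleaned up".
ALLOWED_PHOTO_SCHEMES = {"http", "https"}

# Browsers ignore ASCII control characters and whitespace inside a scheme,
# so "java\tscript:" is still interpreted as javascript:. Strip them before
# parsing so the check sees what the browser would see.
_CONTROL_CHARS = re.compile(r"[\x00-\x20\x7f]")


def safe_photo_url(raw: str) -> Optional[str]:
    """Return an HTML-escaped copy of `raw` if it is a plain http(s) URL
    with a host, otherwise None (the caller should reject the profile edit)."""
    cleaned = _CONTROL_CHARS.sub("", raw)
    parts = urlsplit(cleaned)  # urlsplit lower-cases the scheme for us
    if parts.scheme not in ALLOWED_PHOTO_SCHEMES or not parts.netloc:
        return None
    # Escaping quotes matters because the value lands in an attribute (src="...").
    return html.escape(cleaned, quote=True)


def display_client_ip(x_forwarded_for: Optional[str], remote_addr: str) -> str:
    """Choose the address shown to the admin.

    Only a syntactically valid IP literal taken from X-Forwarded-For is
    displayed; any other header content is discarded and the TCP peer
    address (the proxy) is shown instead. The result is escaped regardless,
    so the HTML page never receives raw header bytes."""
    candidate = remote_addr
    if x_forwarded_for:
        # The header may carry a comma-separated chain; the first entry is
        # the one the proxy chain claims to be the original client.
        first = x_forwarded_for.split(",")[0].strip()
        try:
            candidate = str(ipaddress.ip_address(first))
        except ValueError:
            candidate = remote_addr  # attacker-controlled text is never shown
    return html.escape(candidate, quote=True)


def render_admin_ip_list(rows: Iterable[Tuple[str, Optional[str]]]) -> str:
    """Build the admin-panel fragment from (remote_addr, x_forwarded_for)
    pairs as the board would have logged them, one request per row."""
    items = "".join(f"<li>{display_client_ip(xff, ra)}</li>" for ra, xff in rows)
    return f"<ul>{items}</ul>"


# Constructed sample log rows: one honest proxied request, then the two
# 16-character-limited requests from the advisory, all via proxy 10.0.0.5.
SAMPLE_ROWS = [
    ("10.0.0.5", "203.0.113.7"),
    ("10.0.0.5", "<script>/*"),
    ("10.0.0.5", "*/<script>"),
]

if __name__ == "__main__":
    for url in ("http://example.com/me.jpg", "javascript:alert(document.cookie)",
                "JaVaScRiPt:alert(1)", "java\tscript:alert(1)"):
        print(repr(url), "->", safe_photo_url(url))
    print(render_admin_ip_list(SAMPLE_ROWS))
```

The length limit is deliberately not part of the defence here: whether the header is 16 or 1600 characters long, the admin page only ever sees a parsed IP address or the proxy's own address, and even that goes through `html.escape` so a future change to the validation cannot silently reopen the hole.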
