----- Original Message -----
From: "3APA3A" <3APA3A@SECURITY.NNOV.RU>
To: "bugtraq" <bugtraq@SECURITY.NNOV.RU>; <bugtraq@securityfocus.com>
Sent: Monday, December 09, 2002 5:49 AM
Subject: SECURITY.NNOV: more Ikonboard 3.1.1 crossite scriptings

>
> Ikonboard 3.1.1
>
> There are a few ways to insert HTML tags into board content.
>
> 1. Via Photo URL.
>
> In the profile a user can set the URL of a photo. It's possible to insert a URL like
>
> javascript:alert(document.cookie)
>
> Javascript will be triggered if someone accesses the user's profile.
>
> 2. Via X-Forwarded-For: header.
>
> Users' IPs are available to the admin. If a user accesses Ikonboard via a
> proxy, the X-Forwarded-For: header is shown instead of the proxy IP without
> filtering. Length is limited to 16 characters, but it's still possible to
> do something interesting with 2 requests: <script>/* and */<script>.
>
> The vendor was contacted on November 29 with no reply.
>
> --
> http://www.security.nnov.ru
>  /\_/\
> { , . }     |\
> +--oQQo->{ ^ }<-----+ \
> |  ZARAZA  U  3APA3A   }
> +-------------o66o--+ /
>                     |/
> You know my name - look up my number (The Beatles)
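The two issues in the advisory above have the same root cause: user-controlled text (a profile URL field, an X-Forwarded-For header) is written into HTML without validation or escaping, and a length cap is not a filter. The following is an added example, not Ikonboard's code (Ikonboard is Perl; this is a Python sketch of the equivalent checks, with function names `safe_photo_url`, `naive_admin_view` and `display_client_ip` and all sample inputs my own). It shows a scheme allow-list for the photo URL, the vulnerable truncate-and-concatenate rendering of forwarded addresses, and a hardened version that only trusts the header when every hop parses as an IP address.

```python
"""Added example: hardening for the two Ikonboard 3.1.1 issues (not the
board's own code; illustrative Python, names are assumptions)."""
import html
import ipaddress
from typing import Iterable, Optional
from urllib.parse import urlsplit

# Only plain web URLs may be used as a photo source; "javascript:", "data:",
# "vbscript:" and relative paths are all refused.
ALLOWED_PHOTO_SCHEMES = {"http", "https"}


def safe_photo_url(url: str) -> Optional[str]:
    """Return an HTML-escaped URL if it is an absolute http(s) URL, else None.

    Browsers ignore tabs/newlines and leading control characters when they
    parse the scheme, so "java\\tscript:" is the same as "javascript:".  Those
    characters are stripped before the scheme check so the two agree.
    """
    cleaned = "".join(ch for ch in url.strip() if ord(ch) > 0x1F)
    parts = urlsplit(cleaned)
    if parts.scheme.lower() not in ALLOWED_PHOTO_SCHEMES or not parts.netloc:
        return None
    # Escaping closes the second hole: a URL containing '"' could otherwise
    # break out of the src="..." attribute it is placed in.
    return html.escape(cleaned, quote=True)


def naive_admin_view(forwarded_headers: Iterable[str]) -> str:
    """The pattern described in the advisory: cap each stored header value at
    16 characters and write it into the admin page with no filtering.
    Each fragment is short, but the concatenated page still contains a tag.
    """
    return "<br>".join(h[:16] for h in forwarded_headers)


def display_client_ip(remote_addr: str, x_forwarded_for: Optional[str]) -> str:
    """Choose the address string shown to the admin.

    X-Forwarded-For is attacker-controlled.  It is only used when every
    comma-separated hop parses as an IPv4/IPv6 address; otherwise the real
    peer address (the proxy) is shown.  The result is escaped regardless,
    so even a future bug in the parser cannot put '<' into the page.
    """
    if x_forwarded_for:
        hops = [h.strip() for h in x_forwarded_for.split(",")]
        try:
            parsed = [ipaddress.ip_address(h) for h in hops]
        except ValueError:
            parsed = []
        if parsed:
            # First hop is the claimed client; keep the proxy for auditing.
            return html.escape(f"{parsed[0]} (via {remote_addr})", quote=True)
    return html.escape(remote_addr, quote=True)


if __name__ == "__main__":
    # Constructed inputs: the advisory's payloads and a benign value each.
    print(safe_photo_url("javascript:alert(document.cookie)"))  # None
    print(safe_photo_url("http://example.com/me.jpg"))
    print(naive_admin_view(["<script>/*", "*/<script>"]))
    print(display_client_ip("10.0.0.1", "<script>/*"))
    print(display_client_ip("10.0.0.1", "203.0.113.7, 198.51.100.2"))
```

The design choice worth noting is that `display_client_ip` does not try to strip dangerous characters from the header; it validates the whole value against the one grammar it is supposed to have (a list of IP addresses) and falls back to the transport-level peer address on any failure. Allow-listing the expected shape is what a length limit cannot do.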