Information security


Additional information

  cross-site scripting in Ikonboard (crossite scripting)

  SECURITY.NNOV: ikonboard 3.1.1 CSS

From: 3APA3A <3APA3A_(at)_security.nnov.ru>
Date: 9 December 2002
Subject: Ikonboard 3.1.1 multiple crossite scriptings


Ikonboard 3.1.1

 There are a few ways to insert HTML tags into board content.

 1. Via Photo URL.

 In the profile, a user can set the URL of a photo. It's possible to insert a URL like

 javascript:alert(document.cookie)

 The JavaScript is executed when someone views the user's profile.

 2. Via X-Forwarded-For: header.

 Users' IPs are available to the admin. If a user accesses Ikonboard via a
 proxy, the X-Forwarded-For: request header is shown instead of the proxy IP.
 X-Forwarded-For is shown without filtering. Its length is limited to 16
 characters, but it's still possible to do something interesting with 2
 requests, <script>/* and */<script>.

The vendor was contacted on November 29 with no reply.
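The two fixes a board would apply for the vectors above, as an added Python example that is not Ikonboard's own code: a scheme allowlist for the profile photo URL, and validation plus HTML escaping of X-Forwarded-For before it reaches the admin IP view (the function names and the "invalid" placeholder are my own assumptions).

```python
import html
import ipaddress
from urllib.parse import urlparse

# Only absolute http(s) URLs are accepted for a profile photo; an allowlist
# of schemes is what blocks javascript: (the vector in the advisory) as well
# as data:, vbscript: and anything else a browser might execute.
ALLOWED_PHOTO_SCHEMES = {"http", "https"}


def photo_url_is_safe(url):
    """Return True only for an absolute http(s) URL with a host part."""
    # Browsers ignore leading whitespace and control characters before the
    # scheme, so they are removed before parsing rather than trusted.
    cleaned = "".join(ch for ch in url.strip() if ch.isprintable())
    parsed = urlparse(cleaned)
    return parsed.scheme.lower() in ALLOWED_PHOTO_SCHEMES and bool(parsed.netloc)


def photo_url_attr(url):
    """Value to put into src="...": attribute-escaped, or empty if rejected."""
    return html.escape(url.strip(), quote=True) if photo_url_is_safe(url) else ""


def forwarded_for_is_ip_list(value):
    """X-Forwarded-For is a comma-separated list of IP addresses; anything
    else (a tag, a comment fragment) is rejected instead of displayed."""
    parts = [p.strip() for p in value.split(",")]
    try:
        for p in parts:
            ipaddress.ip_address(p)  # raises ValueError on non-addresses
    except ValueError:
        return False
    return True


def render_client_ip(remote_addr, x_forwarded_for=None):
    """Build the text of the admin IP cell. Ikonboard's 16-character cap is
    no defence (two requests can each carry half a tag), so every untrusted
    value is validated and HTML-escaped regardless of its length."""
    cell = html.escape(remote_addr, quote=True)
    if x_forwarded_for is None:
        return cell
    shown = x_forwarded_for if forwarded_for_is_ip_list(x_forwarded_for) else "invalid"
    return cell + " (via " + html.escape(shown, quote=True) + ")"
```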
 
--
http://www.security.nnov.ru
        /\_/\
       { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                   |/
You know my name - look up my number (The Beatles)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod