# Exploit Title: Invision Power Board 3.1.x - 3.2.x Cross Site Scripting
# Date: 24.03.2012
# Author: Flexxpoint and Sony
# Software Link: http://www.invisionpower.com/products/board/
# Web Browser : Mozilla Firefox
# Blog Flexxpoint : http://flexxpoint.blogspot.com/
# Blog Sony : http://st2tea.blogspot.com/
# Site : http://insecurity.ro
..................................................................
Well, we have an interesting XSS in Invision Power Board. But I cannot say with 100% certainty which versions may be vulnerable.
Personal Messenger --> Compose New --> Other Recipients = our XSS code. Then press the Preview or Send Message button.
Webmoney.
http://forum.webmoney.ru/
http://forum.webmoney.ru/index.php?app=members&module=messaging&section=send&do=send
DrWeb.
http://forum.drweb.com/index.php?
http://forum.drweb.com/index.php?app=members&module=messaging&section=send&do=send
http://forum.drweb.com/index.php?app=members&module=messaging
This is just another XSS hole that was fixed by Invision Power on 14.03.2012 but still exists in Dr.Web's forum, because they were running unpatched software at the time of writing this post.
Pcworld.com
(IP.Board 3.1.4)
http://forums.pcworld.com/index.php?app=members&module=messaging&section=send&do=send
Governmentsecurity.org
http://www.governmentsecurity.org/forum/index.php?app=members&module=messaging&section=send&do=send
etc. A lot of web sites.
This is not a critical bug, but it's a bug.
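
For forum operators checking their own templates, here is an added example (not IP.Board source and not code from this post) of the bug class behind the Other Recipients field: a submitted value written back into the form without output encoding, next to the encoded form. The function names, the `other_recipients` field name, the allowed-character rule and the sample input are all assumptions made for illustration.

```php
<?php
// Added illustration; NOT IP.Board code. All names below are hypothetical.

// Vulnerable pattern: the submitted value is written back into the form
// (for example when a preview is rendered) with no output encoding, so any
// markup inside it becomes part of the page.
function render_recipients_unsafe(string $recipients): string
{
    return '<input type="text" name="other_recipients" value="' . $recipients . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function render_recipients_safe(string $recipients): string
{
    $encoded = htmlspecialchars($recipients, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="other_recipients" value="' . $encoded . '">';
}

// Defence in depth: keep only entries that look like member names before the
// value is used anywhere. The character set is an assumption, not the rule
// IP.Board applies.
function split_valid_recipients(string $recipients): array
{
    $valid = [];
    foreach (explode(',', $recipients) as $name) {
        $name = trim($name);
        if ($name !== '' && preg_match('/^[\p{L}\p{N} _.\-]{1,64}$/u', $name) === 1) {
            $valid[] = $name;
        }
    }
    return $valid;
}

// Constructed sample input: a harmless marker that closes the attribute early.
$sample = 'alice, bob"><i>marker</i>';

echo render_recipients_unsafe($sample), PHP_EOL;
echo render_recipients_safe($sample), PHP_EOL;
print_r(split_valid_recipients($sample));
```

Encoding at output is the actual fix; the input check only narrows what reaches the template and should not be relied on alone.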