BID:12607

Invision Power Board SML Code Script Injection Vulnerability

Info

Invision Power Board SML Code Script Injection Vulnerability

Bugtraq ID:	12607
Class:	Input Validation Error
CVE:	CVE-2005-0477
Remote:	Yes
Local:	No
Published:	Feb 21 2005 12:00AM
Updated:	Jul 12 2009 10:56AM
Credit:	Discovery of this vulnerability is credited to Daniel A. hoang yen reported that this issue affects Invision Board 2.0.3.
Vulnerable:	Invision Power Services Invision Board 2.0.3 Invision Power Services Invision Board 1.3.1 Final Invision Power Services Invision Board 1.3 Final Invision Power Services Invision Board 1.3 Invision Power Services Invision Board 1.3 Invision Power Services Invision Board 1.2 Invision Power Services Invision Board 1.1.2 Invision Power Services Invision Board 1.1.1 Invision Power Services Invision Board 1.0.1 Invision Power Services Invision Board 1.0

Not Vulnerable:

Discussion

Invision Power Board SML Code Script Injection Vulnerability

Invision Power Board is reported prone to a JavaScript injection vulnerability. It is reported that the SML Code 'COLOR' tag is not sufficiently sanitized of malicious script content.

Since this could permit an attacker to inject hostile JavaScript into the forum system, it is possible to steal cookie credentials or misrepresent site content.

This vulnerability is reported to affect Invision Power Board version 1.3.1; previous versions might also be affected.

Invision Power Board 2.0.3 is also reported vulnerable to this issue.

Exploit / POC

Invision Power Board SML Code Script Injection Vulnerability

The following example is available:
[COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]`style=background:url("javascript:[code]") [/color]

Solution / Fix

Invision Power Board SML Code Script Injection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

References

Invision Power Board SML Code Script Injection Vulnerability

References:

Invision Board Homepage (Invision Power Services)
Invision Power Board v2.0.3 XSS vulnerabilities (hoang yen )