SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Ikonboard Vendors:   Ikonboard.com
Ikonboard Bulletin Board Does Not Filter HTML IMG Tags for Javascript, Allowing Cross Site Scripting Attacks
SecurityTracker Alert ID:  1002654
SecurityTracker URL:  http://securitytracker.com/id/1002654
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 29 2001
Impact:   Execution of arbitrary code via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.1.9 Beta
Description:   SecuriTeam reported a cross site scripting vulnerability in Ikonboard. Remote users can insert Javascript into bulletin board messages that will be executed when another user views the message.

It is reported that a remote user can place JavaScript between HTML IMG tags to bypass the HTML filtering. When another user views the message, the JavaScript will be executed.

An example of a tag that will bypass the filtering is provided:

<IMG>javascript:alert('This is the test')</img>

SecuriTeam indicates that this was originally reported by Thatsmej <thatsmej@whizkunde.org>.

Impact:   A remote user can insert Javascript into bulletin board messages that will be executed by another user's browser when the other user views the message. The code will appear to originate from the bulletin board and may be able to access cookies and other information.
Solution:   It is reported that this has been fixed in Ikonboard version 3.0 beta 7.
Vendor URL:  www.ikonboard.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  [UNIX] JavaScript Insertion in phpBB and Ikonboard Bulletin Boards (IMG, CSS)


The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -



  JavaScript Insertion in phpBB and Ikonboard Bulletin Boards (IMG, CSS)
------------------------------------------------------------------------


SUMMARY

 <http://www.phpbb.com/> phpBB is a high powered, fully scalable, and 
highly customizable forums package.  <http://www.ikonboard.com/> Ikonboard 
is a comprehensive web bulletin board system. Both products contain a 
Cross Site Scripting vulnerability that allows attackers to insert 
JavaScript code (and other HTML code) into existing messages, bypassing 
the internal JavaScript/HTML code stripper.

DETAILS

Vulnerable systems:
Ikonboard version 2.1.9 Beta 
phpBB Version 1.4.2 

Immune systems:
Ikonboard version 3.0 beta 7

When using JavaScript between [img] tags the JavaScript will be executed, 
for example:
[img]javasCript:alert('This is the test')[/img]
This will cause a popup with a message saying, "This is the test".
 
Possible solution:
Searching the image URL for the text "javascript:" should solve the 
problem.


ADDITIONAL INFORMATION

The information has been provided by  <mailto:thatsmej@whizkunde.org> 
Thatsmej.



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any kind. 
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business
 profits or special damages. 






 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC