IPB Hexadecimal HTML Entities Script Insertion 23/06/2006 16:52:05 (+0700) | #1 | 713
Z0rr0

Joined: 14/08/2002 12:52:01
Messages: 1323
Location: Underground
Secunia Advisory: SA20772
Release Date: 2006-06-21

Critical: Moderately critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch

Software: Invision Power Board 2.x

Description:
A vulnerability has been reported in Invision Power Board, which can be exploited by malicious people to conduct script insertion attacks.

Input passed via hexadecimal HTML entities in a post isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed.


The vulnerability has been reported in version 2.1.6 and prior for the 2.1.x branch (before 2006-06-19).

Solution:
The vulnerability has been fixed in an updated 2.1.6 version (from 2006-06-19).
http://forums.invisionpower.com/index.php?showtopic=219126

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://forums.invisionpower.com/index.php?showtopic=219126
Hibernating
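The class of bug the advisory describes, as an added example that is not part of the original post and is not IPB's code or its patch: a filter that inspects the raw text misses a scheme written with hexadecimal character references, while a check that decodes first and then applies an allowlist catches it. The function names, the scheme allowlist and the sample strings are assumptions made for this illustration.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumed link policy for posts
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):")
_IGNORED = re.compile(r"[\x00-\x20]")  # whitespace/control chars dropped before the check


def naive_is_safe(value: str) -> bool:
    """Flawed: blocklist applied to the raw text, before any decoding."""
    return "javascript:" not in value.lower()


def canonicalize(value: str, max_rounds: int = 5) -> str:
    """Decode character references until the text stops changing, then normalise."""
    for _ in range(max_rounds):
        decoded = html.unescape(value)  # decimal, hex (&#x..), with or without ';'
        if decoded == value:
            return _IGNORED.sub("", value).lower()
        value = decoded
    raise ValueError("input still changing after repeated decoding")


def is_safe_url(value: str) -> bool:
    """Validate the decoded form: absolute URL with an allowlisted scheme."""
    try:
        canon = canonicalize(value)
    except ValueError:
        return False
    match = _SCHEME.match(canon)
    return bool(match) and match.group(1) in ALLOWED_SCHEMES


# Constructed sample link targets (not taken from the advisory).
SAMPLES = [
    "https://example.org/topic?id=1",
    "javascript:void(0)",
    "&#x6a;avascript:void(0)",
    "&#X6A&#x61;vascript:void(0)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:34} naive={naive_is_safe(s)!s:5} hardened={is_safe_url(s)}")
```

A check like this complements escaping the value when it is written into the page; it does not replace it.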
Re: IPB Hexadecimal HTML Entities Script Insertion 23/06/2006 17:04:47 (+0700) | #2 | 714
subnetwork
Member

Joined: 05/09/2004 06:08:09
Messages: 1666
BBCode again. This Invision Power Board really is rubbish: four bugs have turned up in less than 3 months, and every one of them is deadly.

Fix IPB 2.1.x Security Update (06-06-19)
Code:
http://d.turboupload.com/d/718129/ipb_patch_60619_s.rar.html


How about a thank-you, guys?
Server management, installation, consulting, design and security for *nix server systems
http://chamsocmaychu.com
IPB Hexadecimal HTML Entities Script Insertion 26/06/2006 12:47:06 (+0700) | #3 | 960
+Newbie+
Member

Joined: 26/06/2006 01:24:42
Messages: 25
Location: Cần Thơ
I hope you will also show us how to exploit it.
IPB Hexadecimal HTML Entities Script Insertion 28/06/2006 15:10:28 (+0700) | #4 | 1676
badbigboy1
Elite Member

Joined: 12/03/2003 16:59:34
Messages: 48
This bug isn't that easy to pull off. Golden Autumn, you have already moved to vBB, yet you are still devoted to IPB? I hope you will keep updating regularly, like in the days before HVA went down on 1/5/06. Could you open a topic dedicated to IPB updates? It would certainly draw in a lot of members. I am happy to lend you a hand too. Thank you.

Here is the RS link
Code:
http://rapidshare.de/files/23701524/ipb_patch_60619_s.zip.html