|
|
Re: Ikonboard 2.1.9 (possible other versions) Vulnerability when HTML is ON: msg#00348security.bugtraq
Hello! This is a vulnerability of Ikonboard 2.1.9 (possible other versions, probably all 2.x.x versions) when HTML is ON. Everyone can post a script that allows him to save the username and password of everyone who views the post and has Javascript enabled. The pw is stolen by 2 scripts: 1 php script on my server, call it grap.php. If this file is opened like this: grap.php?user=STOLENUSERNAME&pass=STOLENPASSWORD, it saves user and pass in a file on my server. and: 1 javascript that is posted in the body of a post in the Ikonboard. It reads the cookie, extracts the username out of the cookie into the variable X , the password into the variable Y and opens a popup with the location being http://www.myserver.com/grap.php?user=X&pass=Y. The php script saves user and pass now. Stefan Walk |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | IRIX hpsnmpd vulnerability: 00348, SGI Security Coordinator |
|---|---|
| Next by Date: | A bug in the Kerberos4 ftp client may cause heap overflow which leads to remote code execution: 00348, Marcell Fodor |
| Previous by Thread: | IRIX hpsnmpd vulnerabilityi: 00348, SGI Security Coordinator |
| Next by Thread: | A bug in the Kerberos4 ftp client may cause heap overflow which leads to remote code execution: 00348, Marcell Fodor |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |