 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 54
 Members: 0
 Total: 54
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Need Fast Help About IPB Highlite XSS |
|
 Posted: Sun Sep 11, 2005 4:45 pm |
 |
|
| marlboro3 |
| Beginner |
 |
|
| Joined: Sep 11, 2005 |
| Posts: 2 |
|
|
|
 |
|
 |
|
Hi all i'm new here and i hope staying there since there quite good stuff !
I'm working on the invision forums XSS that focuses on highlite parameter.
| Quote: | | Invision Power Services, Inc. Invision Power Board versions 2.0.3 and earlier are vulnerable to cross-site scripting caused by improper validation of user-supplied input in the highlite parameter and the sources/topics.php script |
I have tryied random things and all i see is that double hex isn't filtered but i can get server's HTML code modified 
What i've tryed is following:
| Code: | | http://domain/forum/index.php?act=Search&CODE=show&searchid=dc43552081d17e395646f21f969bf139&search_in=posts&result_type=topics&highlite=%3Cscript%3Ealert%28document%2Ecookie%28%29%29%3C%2Fscript%3E+ |
This is modyfying the 'hl' parameter that becomes:
| Code: | | http://domain/forum/index.php?act=Search&CODE=show&searchid=dc43552081d17e395646f21f969bf139&search_in=posts&result_type=topics&highlite=<script>alert(document.cookie())</script>+ |
I don't have the source code of the filtering function so it's quite hard for me to figure it out.
i REALLY need help on this.
thx |
|
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
