[24771] in bugtraq
CSS in ikonboard 3.0.1,3.0.2,3.0.3
daemon@ATHENA.MIT.EDU (Max Speed)
Thu Mar 21 02:30:46 2002
Date: 20 Mar 2002 05:14:27 -0000
Message-ID: <20020320051427.7576.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Max Speed <maxspeed017@hotmail.com>
To: bugtraq@securityfocus.com
author: Maxspeed
vendor statues: they have been informed
Vulnerable versions: ikonboard 3.0.1
ikonboard 3.0.2
ikonboard 3.0.3(the version they
use on their site)
Severity: Malicious users can steal session cookies,
allowing administrative access to the admin panel
Problem:
Ok the problem is in the way the [img] tags check for
the "http://". The [img] tags checks for the "http://"
when you posting a new topic but it doesnt check for
it while your editing one. So it will allow you to insert
malacious code while you editing a post.
Proof of concept:
Make a new post, then "EDIT" the post and in the
body of the post insert this code
[IMG]javascript:alert(document.cookie)[/IMG]
an alert box should pop up displaying your cookies!
Fix:
make [IMG] tags check for "http://" when editing a
post.
Maxspeed017@yahoo.com
