A new vulnerability has been discovered in the BBCode parser of the IP.Board 2.x forum software. Version 2.3.6 in particular is affected.
The vulnerability stems from an error in processing several tags nested inside one another and allows arbitrary HTML and JavaScript code to be inserted into forum pages.
Update: an example of exploiting the vulnerability was here; it has been removed.
The malicious code works in signatures. In the message body, only breaking the page markup is possible; JavaScript events are filtered out. IPS and IBR have been notified, but there has been no response yet. The information is already spreading across forums, and the exploit has already been posted on many of them. As a temporary solution, I propose the only option: disable the use of BBCode in signatures and the acronym tag. Version 3.x is not affected by the vulnerability.
Source: user fagediba, whose forum was hacked this way: http://forums.ibresource.ru/index.php?showtopic=60138 (beware of the Habr effect!)
Update: I made a screenshot of the exploited forum; instead of following the link above, you can just view it under the cut.
P.S. Let the IPB admins reading Habr be warned first.
P.P.S. The text was compiled by one of the IP.Board forum administrators; I personally made the difficult decision to post it here.
UPDATE: there was a link here to the broken page on the official forum, but it has already been cleaned up. However, the conclusion is that IPB v3.x is also exploited.