Active XSS Vulnerability in IP.Board v2.3.6
A new vulnerability was discovered in the BBCode parser in the forum scripts of IP.Board line 2.x. In particular, version 2.3.6 is affected.
The vulnerability exploits an error in the processing of several tags embedded in each other and allows you to embed arbitrary HTML and JavaScript code on forum pages.
update: there was an example of using the vulnerability, removed
Malicious code works in signatures. In the body of the message, only a violation of the page layout is possible, javascript events are filtered out. IPS and IBR are notified, but no response has yet been received. Infa is already spreading through the forums, many already have exploit. As a temporary solution, I propose the only option - to disable the use of BBCODE in signatures and the acronym tag. Version 3.x is not affected.
Source - user fagediba, whose forum was thus hacked: http: // forums.ibresource.ru/index.php?showtopic=60138 (beware of habraeffect!)
Update: took a screenshot of the exploited forum - instead of following the link above, You can just watch it under the cut .
Z.Y. And let the IPB admins reading Habr be the first to be warned.
Z.Z.Y. The text was compiled by one of the administrators of the IP.Board forums, I made a difficult decision to post it here.
UPDATE: there was a link to a broken page from off. forum, but it has already been cleaned up. However, the conclusion is that IPB v3.x is also subject to the exploit.
The vulnerability exploits an error in the processing of several tags embedded in each other and allows you to embed arbitrary HTML and JavaScript code on forum pages.
update: there was an example of using the vulnerability, removed
Malicious code works in signatures. In the body of the message, only a violation of the page layout is possible, javascript events are filtered out. IPS and IBR are notified, but no response has yet been received. Infa is already spreading through the forums, many already have exploit. As a temporary solution, I propose the only option - to disable the use of BBCODE in signatures and the acronym tag. Version 3.x is not affected.
Source - user fagediba, whose forum was thus hacked: http: // forums.ibresource.ru/index.php?showtopic=60138 (beware of habraeffect!)
Update: took a screenshot of the exploited forum - instead of following the link above, You can just watch it under the cut .
Z.Y. And let the IPB admins reading Habr be the first to be warned.
Z.Z.Y. The text was compiled by one of the administrators of the IP.Board forums, I made a difficult decision to post it here.
UPDATE: there was a link to a broken page from off. forum, but it has already been cleaned up. However, the conclusion is that IPB v3.x is also subject to the exploit.