| VID |
21581 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of Invision Power Board older than 2.0.4 was detected on the host. Invision Power Board is a PHP-based web forum software package distributed by Invision Power Services, Inc. Invision Power Board versions 2.0.3 and earlier are vulnerable to multiple input validation vulnerabilities, which remote attackers can exploit to conduct cross-site scripting and SQL injection attacks.
1) User-supplied input passed through the 'pass_hash' cookie in the 'sources/login.php' script isn't properly sanitized before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
2) User-supplied input passed to the 'highlite' parameter of the 'sources/search.php' and 'sources/topics.php' scripts isn't properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
* Note: This check relies solely on the version number of the Invision Power Board installation on the remote web server, so this finding may be a false positive.
* References:
  http://www.gulftech.org/?node=research&article_id=00073-05052005
  http://secunia.com/advisories/15265/
  http://www.securitytracker.com/alerts/2005/May/1013863.html
* Platforms Affected: Invision Power Services, Invision Power Board versions 2.0.3 and earlier; any operating system, any version |
| Recommendation |
Upgrade to the latest version of Invision Power Board (2.0.4 or later), available from the Invision Power Services Update site at http://www.invisionpower.com/apps/board/ |
| Related URL |
CVE-2005-1597 (CVE) |
| Related URL |
13529,13532,13534 (SecurityFocus) |
| Related URL |
20445,20446 (ISS) |
|