Invision Power Board 3.1.x - 3.2.x Cross Site Scripting

# Exploit Title: Invision Power Board 3.1.x - 3.2.x Cross Site Scripting
# Date: 24.03.2012
# Author: Flexxpoint and Sony
# Software Link: http://www.invisionpower.com/products/board/
# Web Browser : Mozilla Firefox
# Blog Flexxpoint : http://flexxpoint.blogspot.com/
# Blog Sony : http://st2tea.blogspot.com/
# Site : http://insecurity.ro

Well, we have an interesting XSS in Invision Power Board. But I cannot say 100% which versions may be vulnerable.

Personal Messenger --> Compose New --> Other Recipients = our xss code.
Press the Preview or Send Message button.

Webmoney.
http://forum.webmoney.ru/
http://forum.webmoney.ru/index.php?app=members&module=messaging&section=send&do=send

DrWeb.
http://forum.drweb.com/index.php?
http://forum.drweb.com/index.php?app=members&module=messaging&section=send&do=send
http://forum.drweb.com/index.php?app=members&module=messaging

Pcworld.com (IP.Board 3.1.4)
http://forums.pcworld.com/index.php?app=members&module=messaging&section=send&do=send

Governmentsecurity.org
http://www.governmentsecurity.org/forum/index.php?app=members&module=messaging&section=send&do=send

etc.. a lot of web sites..

This is a critical bug? idk.. maybe not, maybe yes.

Post from 24 March, in English (no translation needed here):
http://st2tea.blogspot.com/2012/03/invision-power-board-31x-32x-cross-site.html
http://st2tea.blogspot.com/
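
The report above says the value typed into Other Recipients comes back in the Preview / Send Message response. The following PHP is an added example, not IP.Board code and not from the original authors; it assumes the field is echoed into the form and into an error message, and the function names and the `other_recipients` field name are hypothetical. It shows the unescaped echo beside a version that HTML-encodes every use of the value.

```php
<?php
// Added example, not IP.Board code. All function and field names are hypothetical.

/** Split the raw "Other Recipients" value into trimmed, non-empty names. */
function parse_recipients(string $raw): array
{
    $parts = preg_split('/[,\r\n]+/', $raw);
    return array_values(array_filter(array_map('trim', $parts), 'strlen'));
}

/** HTML-encode for element content and for quoted attribute values. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Unsafe pattern: the submitted value is concatenated into markup as-is. */
function render_preview_unsafe(string $raw): string
{
    return '<input type="text" name="other_recipients" value="' . $raw . '">';
}

/** Safe pattern: every echo of the value, whole or per name, is encoded. */
function render_preview_safe(string $raw, array $knownMembers): string
{
    $html = '<input type="text" name="other_recipients" value="' . h($raw) . '">';
    foreach (parse_recipients($raw) as $name) {
        // Unknown names are reported back to the user, still encoded.
        if (!in_array($name, $knownMembers, true)) {
            $html .= "\n" . '<p class="error">No member named "' . h($name) . '"</p>';
        }
    }
    return $html;
}

// Constructed sample input: a benign marker containing markup characters.
$sample  = 'alice, "><b>marker</b>';
$members = ['alice', 'bob'];

// The unsafe output closes the value attribute early and emits a live <b> element.
echo render_preview_unsafe($sample), "\n\n";
// The safe output keeps the whole string inside the attribute and the error text.
echo render_preview_safe($sample, $members), "\n";
```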