bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/37989.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

30 lines
No EOL
714 B
Text
Raw Blame History

# Exploit Title: IP.Board 4.X Stored XSS
# Date: 27-08-2015
# Software Link: https://www.invisionpower.com/
# Exploit Author: snop.
# Contact: http://twitter.com/rabbitz_org
# Website: http://rabbitz.org
# Category: webapps
1. Description
A registered or non-registered user can create a calendar event
including malicious JavaScript code who will be permanently stored in
the pages source.
2. Proof of Concept
http://URL_TO_FORUM/calendar/submit/?calendar=1
POST:
Affected Paramter: event_location[address][]
3. Solution
Update to version 4.0.12.1
https://community.invisionpower.com/release-notes/40121-r22/
Disclosure Timeline
27.07.15: Vendor notified
05.08.15: Fix released
27.08.15: Public disclosure
Reference in a new issue View git blame Copy permalink