Bugtraq mailing list archives

Re: Ikonboard 2.1.9 (possible other versions) Vulnerability when HTML is ON


From: Stefan Walk <kyrael () web de>
Date: Wed, 24 Apr 2002 23:26:29 +0200

Hello! This is a vulnerability of Ikonboard 2.1.9 (possibly other versions, probably all 2.x.x versions) when HTML is ON.
Everyone can post a script that allows him to save the username and password of everyone who views the post and has
JavaScript enabled.

The pw is stolen by 2 scripts:
1 PHP script on my server, call it grap.php. If this file is opened like
this: grap.php?user=STOLENUSERNAME&pass=STOLENPASSWORD, it saves user
and pass in a file on my server.
and:
1 JavaScript that is posted in the body of a post in the Ikonboard.
It reads the cookie, extracts the username out of the cookie into the
variable X, the password into the variable Y and opens a popup with the
location being http://www.myserver.com/grap.php?user=X&pass=Y. The PHP
script saves user and pass now.


Stefan Walk
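
Added example, not part of the original post and not Ikonboard code: a sketch of the two server-side controls that close the path described above, rendering post bodies as text and keeping credentials out of any script-readable cookie. All function names, the cookie name "sid" and the in-memory session store are assumptions made for illustration.

```javascript
'use strict';
// Added defensive example; every name here is hypothetical, not Ikonboard code.
const { randomBytes } = require('node:crypto');

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, attribute value or entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render a post with HTML OFF: author and body are always treated as text.
function renderPost(author, body) {
  const safeBody = escapeHtml(body).replace(/\r?\n/g, '<br>');
  return `<div class="post"><b>${escapeHtml(author)}</b><p>${safeBody}</p></div>`;
}

// In-memory session store (assumption: a real board would persist this).
const sessions = new Map();

// Issue an opaque random token instead of placing username/password in the cookie.
function issueSessionCookie(username) {
  const token = randomBytes(32).toString('hex');
  sessions.set(token, { username, created: Date.now() });
  // HttpOnly keeps the value out of document.cookie; Secure and SameSite
  // restrict the connections and requests on which it is sent.
  return `sid=${token}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Resolve the Cookie request header back to a user, server side only.
function userFromCookieHeader(header) {
  const match = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(header || '');
  const session = match && sessions.get(match[1]);
  return session ? session.username : null;
}

// Constructed sample post body containing markup.
const samplePost = 'hello <script>/* constructed sample */</script>\nsecond line';
console.log(renderPost('alice', samplePost));
console.log(issueSessionCookie('alice'));
```

With both controls in place, a script tag in a post is displayed as text, and the cookie carries neither the username nor the password.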



