Re: IPB v2.x up to 3.0.4 XSS vulnerability

["MustLive" <mustlive () websecurity com ua>]

Hello Bugtraq and Xacker!

As I mentioned at my site (http://websecurity.com.ua/3762/), where I posted
about this XSS vulnerability in Invision Power Board, the fix offered by
Xacker is not effective. And better to use another method of fixing offered
by me.

Author of this advisory said, that in IPB a MIME-type application/x-dirview
is set for txt files. But at my forum (on IPB 2.2.2) for txt files a
MIME-type text/plain was set by default and the attack was worked. So
recommendation of the author to set text/plain is not effective (and in IPB
1.x there is no possibility to set MIME-type at all) and I recommend to
turn-off support of txt files at the forum.

P.S.

Yesterday I posted advisory about new XSS vulnerabilities in Invision Power
Board and soon I'll send its English versions to Bugtraq.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message ----- 
From: Xacker (old good xacker gmail com)

> [+] Invision Power Board XSS vulnerability
>
> ...
>
> [+] Fix
>
> Simply change MIME-type of *.txt files (and any other similar
> formats) to (text/plain).