# Exploit Title: IP Board - Persistent Cross Site Scripting Vulnerability# Dat

1. # Exploit Title: IP Board - Persistent Cross Site Scripting Vulnerability
2. # Date: December 2012
3. # Exploit Author: Wuming tgh
4. # Vendor Homepage: https://www.invisionpower.com
5. # Software Link: https://www.invisionpower.com
6. # Version: Affecting all versions below 3.4.2 (Fixed)
7. # Tested on: Linux,Windows 7
8.  
9. http://i.imgur.com/QzD0KhGl.png
10. http://i.imgur.com/WEOxuixl.png
11.  
12. 1) Go to My Settings to edit user's profile
13. localhost/index.php?app=core&module=usercp&tab=core
14. 2) Find the "Profile Infomation" input field. (textarea)
15. 3) XSS Vector:
16. </textarea><script> your script </script>
17. 4) There are 2 pages that the javascript will be executed. One is the current user's profile. (will only show when you click "edit profile")
18. Another one is in the admin panel. When an admin views your profile via admin panel the javascript will also be executed.
19.  
20. Simple Scenario:
21. You might think that it is pretty hard to steal cookies or do anything with it since someone will need to view your profile. However, its pretty simple. Create an account. Start spamming the forum or do something against the rules. The admin will want to ban you. Hence, he views your profile. Done.