IP.Board 3.3.x & 3.4.x – Messenger Directories Input Validation Failure (R911-0175)

Type: Input Validation
Location: Remote
Impact: High
Product: IP.Board
Website: https://www.invisionpower.com/apps/board/
Vulnerable Version: 3.3.x & 3.4.x
CVE: -
R911: 0175
Date: 2015-05-01
By: RACK911 Labs

Product Description:

Invision Power Board (abbreviated IPB, IP.Board or IP Board) is an Internet forum software produced by Invision Power Services, Inc. It is written in PHP and primarily uses MySQL as a database management system, although support for other database engines is available.

Vulnerability Description:

Due to an input validation failure, it is possible for a malicious user to remove / add any message directory belonging to another user.

Impact:

We have deemed this vulnerability to be rated HIGH due to the fact that a malicious user can incrementally go through an IP.Board site and wipe out the default directory for messages.

Vulnerable Version:

This vulnerability was tested against IP.Board 3.4.7 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in IP.Board 3.3.x & 3.4.x which can be downloaded from the vendors website:

http://community.invisionpower.com/blogs/entry/9729-ipboard-33x-34x-security-update/

Vendor Contact Timeline:

2015-04-23: Vendor contacted via email.
2015-04-24: Vendor confirms vulnerability.
2015-05-01: Vendor issues patches.
2015-05-01: RACK911 Labs issues security advisory.