1. Introduction
The Invision Power Board Referer field XSS vulnerability allows an attacker to inject malicious scripts into a web page viewed by other users. This can lead to cookie theft and session hijacking, compromising user accounts. Affected systems are typically those running the Invision Power Board forum software. A successful exploit could result in loss of confidentiality through stolen cookies, potential integrity compromise if the injected script modifies data, and availability issues if the site is defaced or becomes unresponsive.
2. Technical Explanation
The vulnerability stems from insufficient input validation on the Referer field within Invision Power Board’s PHP scripts. This allows an attacker to inject arbitrary JavaScript code that executes in a victim’s browser when they access the affected page. The attack is remote, meaning it can be launched over the internet without direct system access. CVE-2004-1578 describes this issue.
- Root cause: Missing input validation on the Referer HTTP header field allows arbitrary JavaScript execution.
- Exploit mechanism: An attacker crafts a malicious URL containing JavaScript code in the Referer header, then tricks a user into clicking it. When the user accesses the page, the injected script executes. For example, an attacker could send a link like
http://example.com/?r=
- Scope: Invision Power Board forum software versions prior to 2.1 are affected.
3. Detection and Assessment
Confirming the vulnerability requires checking the installed version of Invision Power Board and assessing whether it is susceptible to XSS attacks through the Referer header.
- Quick checks: Check the Invision Power Board admin panel for the software version.
- Scanning: Nessus plugin ID 10875 can detect this vulnerability, but results should be verified manually.
- Logs and evidence: Examine web server logs for requests containing suspicious JavaScript code in the Referer header. Look for patterns like `
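
The log review described in the last item, as an added example that is not part of the original advisory or of Invision Power Board: it decodes the Referer field of each access-log entry and flags those carrying script markup. It assumes the Apache/nginx combined log format; the marker list is a heuristic, and the function names and sample entries are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# Combined log format. Quoted fields may contain backslash escapes (Apache
# writes an embedded double quote as \", nginx as \x22).
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' \d{3} \S+ ' + QUOTED + ' ' + QUOTED
)  # groups: 1 ip, 2 timestamp, 3 request, 4 referer, 5 user agent

# Markup that has no place in a legitimate Referer URL (heuristic, assumed list).
MARKERS = re.compile(
    r'<\s*/?\s*(?:script|img|svg|iframe)\b|javascript\s*:|["\'\s]on[a-z]+\s*=|document\.cookie',
    re.IGNORECASE)

def normalise(value, rounds=3):
    """Undo log escaping, nested percent-encoding and HTML entities."""
    value = value.replace('\\"', '"')
    value = re.sub(r'\\x([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), value)
    for _ in range(rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_referers(lines):
    """Return (ip, timestamp, decoded referer) for entries that carry markup."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        referer = normalise(m.group(4)) if m else ""  # unparsable lines are skipped
        if MARKERS.search(referer):
            hits.append((m.group(1), m.group(2), referer))
    return hits

# Constructed sample entries (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Oct/2004:10:01:22 +0000] "GET /index.php HTTP/1.1" 200 5120 "http://forum.example.com/index.php?online=1" "Mozilla/4.0"',
    '192.0.2.11 - - [12/Oct/2004:10:01:40 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [12/Oct/2004:10:02:03 +0000] "GET /index.php HTTP/1.1" 200 4301 "http://x.example/\\"><script>alert(1)</script>" "Mozilla/4.0"',
    '203.0.113.5 - - [12/Oct/2004:10:03:15 +0000] "GET /index.php HTTP/1.1" 200 4301 "http://x.example/?a=%3Cscript%3Ealert(1)%3C%2Fscript%3E" "Mozilla/4.0"',
    '203.0.113.9 - - [12/Oct/2004:10:04:48 +0000] "GET /index.php HTTP/1.1" 200 4301 "http://x.example/?a=%253Cscript%253Ealert(1)%253C%252Fscript%253E" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for ip, ts, referer in suspicious_referers(SAMPLE_LOG):
        print(f"{ts} {ip} Referer={referer!r}")
```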