Invision Power Services: IPB 2.0.4 and 2.1.0 Security Update - Invision Power Services


IPB 2.0.4 and 2.1.0 Security Update

IPS News (Group: IPS Staff)

Posted 02 September 2005 - 09:49 AM

This announcement outlines several potential XSS (Cross Site Scripting) vulnerabilities present in IPB 2.0.4 and IPB 2.1.0.

These vulnerabilities allow malicious HTML / JavaScript placed in IPB content to read a user's cookies. They are only triggered in IE 6, because of its weak MIME checking and tag concurrency checking.

Attached are two update packs: one for IPB 2.1.0 and one for IPB 2.0.4. In addition to these update packs, we recommend that you also change some MIME types for your attachment types using the instructions below.

Changing MIME types

IPB has a powerful attachments manager which allows you to determine how attached files are displayed. Due to weak MIME checking in IE6 combined with an eagerness to step over established web standards to display content, this feature can be abused. To prevent any rogue HTML being uploaded and executed, we recommend that you do the following:
  • Log in to your Admin Control Panel.
  • Locate the Attachments Types Manager. In IPB 2.1 this is under the Management Tab -> Attachments -> Attachment Types. In IPB 2.0.x, this is under Attachments -> Attachment Types.
  • Edit the rows for: ".htm", ".html", ".txt", ".rtf", ".css", ".xml", ".php" and make the "Attachment Mime-Type" "unknown/unknown" (without the quotes).

Update pack for IPB 2.0.4

Attached File  ipb204update.zip (13.17K)
Number of downloads: 4065

Update pack for IPB 2.1.0

Attached File  ipb21update.zip (13.27K)
Number of downloads: 2593

Simply download the required pack, unzip it and upload it over the current files on your server. The file structure is preserved to make it easier to locate these files on your server.

The main download sources have been updated as of the time of this announcement.
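
One way to verify the change described under "Changing MIME types", as an added example that is not IPS code: it audits a hypothetical CSV export of the attachment types against the extension list and the `unknown/unknown` value given in the announcement. The `extension` and `mimetype` column names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Extensions the announcement says to edit, and the MIME type it recommends.
TARGET_EXTENSIONS = {"htm", "html", "txt", "rtf", "css", "xml", "php"}
RECOMMENDED_MIME = "unknown/unknown"

def normalize_extension(ext):
    """'.HTML ' and 'html' are the same attachment type."""
    return ext.strip().lstrip(".").lower()

def normalize_mime(mime):
    """Drop parameters such as '; charset=...' and fold case."""
    return mime.split(";", 1)[0].strip().lower()

def audit_attachment_types(csv_text):
    """Return (needs_change, compliant, not_defined) for the target extensions.

    csv_text is a hypothetical export with 'extension' and 'mimetype' columns.
    """
    needs_change, compliant = {}, set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        ext = normalize_extension(row["extension"])
        if ext not in TARGET_EXTENSIONS:
            continue  # e.g. image types, outside the announcement's list
        mime = normalize_mime(row["mimetype"])
        if mime == RECOMMENDED_MIME:
            compliant.add(ext)
        else:
            needs_change[ext] = mime
    # If an extension appears twice, a non-compliant row takes precedence.
    compliant -= set(needs_change)
    not_defined = TARGET_EXTENSIONS - compliant - set(needs_change)
    return needs_change, compliant, not_defined

# Constructed sample rows, not taken from a real board.
SAMPLE_EXPORT = """extension,mimetype
.htm,text/html
HTML,text/html; charset=iso-8859-1
txt,unknown/unknown
.rtf,text/richtext
css,Unknown/Unknown
xml,application/xml
jpg,image/jpeg
"""

if __name__ == "__main__":
    bad, ok, missing = audit_attachment_types(SAMPLE_EXPORT)
    for ext, mime in sorted(bad.items()):
        print(f".{ext}: {mime} -> set to {RECOMMENDED_MIME}")
    print("already set:", sorted(ok), "| no row defined:", sorted(missing))
```

Extensions reported as having no row are not configured as attachment types in the export, so there is nothing to edit for them.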