Skip to main content

IP Board < 3.4.2 - Persistent Cross Site Scripting Vulnerability


Date: Reported on December 2012

Exploit Author: Wuming tgh / Anakorn Kyavatanakij

Vendor Homepage:

Software Link:

Version: Affecting all versions below 3.4.2 (Fixed)


  1. Go to "My Settings" to edit your user profile:
  2. Find the "Profile Infomation" input field. (textarea)
  3. Fill in the input field with the XSS Attack Vector: </textarea><script> your script </script>
  4. Whenever an admin views your profile in the admin panel, the payload will be executed.
ipboard email