Good Morning all,

It’s been a busy past month for me, but I did happen to find a new vulnerability that exists in IP.Board.  IP.Board is basically a web application that allows you to run a forum, with the option to purchase additional functionality, like blogs, a store, etc.

While I was looking into how IP.Board works, and running some tests and scans against it, I’ve discovered a couple of vulnerabilities in the application.  At the moment, it seems to largely be information disclosure and XSRF vulnerabilities, but I am in the process of seeing if it is capable of further development  into something a little more dangerous.

I’ve already reported some of the  vulnerabilities to the developers of IP.Board, and they said that a fix has been created for their next update.  I’ll be sure to let you know once it is released if it fixes the issue.  The other outstanding vulnerabilities I want to look into as much as I can to see if it can result in a dangerous attack.  As I find out more information, and understand how it works, I will then be able to provide a better report to the developers of IP.Board (Invision Services) about the vulnerability.

I am also currently working to get a CVE number reserved for the issue for proper tracking of the vulnerability.