[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20031216043040.6157.qmail@sf-www1-symnsj.securityfocus.com>
Date: 16 Dec 2003 04:30:40 -0000
From: JeiAr <security@...ftech.org>
To: bugtraq@...urityfocus.com
Subject: Invision Power Board SQL Injection Vuln [ All Versions ]
Vendor : Invision Power Services
URL : http://www.invisionpower.com
Version : All Versions Up To v2.0 Alpha 3
Risk : SQL Injection Vulnerability
Description:
Invision Power Board (IPB) is a professional forum system that has been
built from the ground up with speed and security in mind, taking advantage
of object oriented code, highly-optimized SQL queries, and the fast PHP
engine. A comprehensive administration control panel is included to help
you keep your board running smoothly. Moderators will also enjoy the full
range of options available to them via built-in tools and moderators control
panel. Members will appreciate the ability to subscribe to topics, send
private messages, and perform a host of other options through the user
control panel. It is used by millions of people over the world.
Problem:
Invision Power Board is vulnerable to an SQL Injection Vulnerability. All
versions up to 2.0 Alpha 3 seem to be affected. Below is an example URL
to test if you are vulnerable.
/index.php?showforum=1&prune_day=100&sort_by=Z-A&sort_key=[Problem_is_here]
If you are vulnerable (you should be) you will see an error message similar
to the one posted below. The only requirement is to know a valid forum number
and to have read access to that forum (must be able to view it).
Begin Error Message
------------------------------
mySQL query error: SELECT * from ibf_topics WHERE forum_id=2 and approved=1
and (last_post > 0 OR pinned=1) ORDER BY pinned DESC, [Problem_is_here] DESC
LIMIT 0,15
mySQL error: You have an error in your SQL syntax near '[Problem_is_here]
DESC LIMIT 0,15' at line 1
mySQL error code:
Date: Saturday 13th of December 2003 01:25:30 AM
-------------------------------
Solution:
Invision Power Services have released a fix for this. You can view the forum post
http://forums.invisionpower.com/index.php?showtopic=106774&st=0&#entry762426
Or go straight to the download page.
http://www.invisionboard.com/download/index.php?act=dl&s=1&id=12&p=1
Credits:
Credits go to JeiAr of the GulfTech Security Research Team.
http://www.gulftech.org
Powered by blists - more mailing lists