| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 16 Dec 2003 04:30:40 -0000 From: JeiAr <security@...ftech.org> To: bugtraq@...urityfocus.com Subject: Invision Power Board SQL Injection Vuln [ All Versions ] Vendor : Invision Power Services URL : http://www.invisionpower.com Version : All Versions Up To v2.0 Alpha 3 Risk : SQL Injection Vulnerability Description: Invision Power Board (IPB) is a professional forum system that has been built from the ground up with speed and security in mind, taking advantage of object oriented code, highly-optimized SQL queries, and the fast PHP engine. A comprehensive administration control panel is included to help you keep your board running smoothly. Moderators will also enjoy the full range of options available to them via built-in tools and moderators control panel. Members will appreciate the ability to subscribe to topics, send private messages, and perform a host of other options through the user control panel. It is used by millions of people over the world. Problem: Invision Power Board is vulnerable to an SQL Injection Vulnerability. All versions up to 2.0 Alpha 3 seem to be affected. Below is an example URL to test if you are vulnerable. /index.php?showforum=1&prune_day=100&sort_by=Z-A&sort_key=[Problem_is_here] If you are vulnerable (you should be) you will see an error message similar to the one posted below. The only requirement is to know a valid forum number and to have read access to that forum (must be able to view it). Begin Error Message ------------------------------ mySQL query error: SELECT * from ibf_topics WHERE forum_id=2 and approved=1 and (last_post > 0 OR pinned=1) ORDER BY pinned DESC, [Problem_is_here] DESC LIMIT 0,15 mySQL error: You have an error in your SQL syntax near '[Problem_is_here] DESC LIMIT 0,15' at line 1 mySQL error code: Date: Saturday 13th of December 2003 01:25:30 AM ------------------------------- Solution: Invision Power Services have released a fix for this. You can view the forum post http://forums.invisionpower.com/index.php?showtopic=106774&st=0&#entry762426 Or go straight to the download page. http://www.invisionboard.com/download/index.php?act=dl&s=1&id=12&p=1 Credits: Credits go to JeiAr of the GulfTech Security Research Team. http://www.gulftech.org
Powered by blists - more mailing lists