lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040611155313.18926.qmail@www.securityfocus.com>
Date: 11 Jun 2004 15:53:13 -0000
From: Hillel Himovich <hll@...vision.net.il>
To: bugtraq@...urityfocus.com
Subject: Re: Multiple Vulnerabilities in Invision Power Board v1.3.1 Final.


In-Reply-To: <000d01c44d68$51a14ec0$05a0968c@...800mhz>

>Compromise:  SQL Injection, Cross site Scripting.
>Vulnerable Systems: Invision Power Board v1.3.1 Final.
>Details:
>An Input Validation Error exists in ssi.php.
>
>$sql_fields is vulnerable to An Input Validation Error.
>How to exploit this bug?
>http://TARGET/ssi.php?a=out&type=xml&f=0)[SQL-INJECTION]

I guss, you are reffering this line in the SQL Statment...
WHERE t.forum_id IN ($sql_fields)
I downloaded IPB 1.3.1 F and digiid for a fwe seconds, if you look a bit up in the code u'll see:

$f = intval($f);
	if ( $f )
		{
			$forums[] = $f;
		}
...........
...........
$sql_fields = implode( ",", $forums );

intval, means that u can't enter string in the f field...


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ