lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20041118101437.11239.qmail@www.securityfocus.com> Date: 18 Nov 2004 10:14:37 -0000 From: Alexander Anisimov <anisimov@...ecurity.com> To: bugtraq@...urityfocus.com Subject: [MaxPatrol] SQL-injection in Invision Power Board 2.x [ SQL-injection in Invision Power Board 2.x ] MaxPatrol Security Advisory 11.18.04 November 18, 2004 Release Date: November 18, 2004 Date Reported: November 12, 2004 Severity: High Application: Invision Power Board v2.x Affects versions: IPB 2.0.0, IPB 2.0.1 and IPB 2.0.2. Platform: PHP I. DESCRIPTION An input validation vulnerability was reported in Invision Power Board v2.x. A remote user can conduct SQL injection attack. Example: http://site/forum/index.php?act=Post&CODE=02&f=2&t=1&qpid=1[sql_injection] Result: -------------------------------------------------------------------------- mySQL query error: select p.*,t.forum_id FROM ibf_posts p LEFT JOIN ibf_topics t ON (t.tid=p.topic_id) WHERE pid IN (1[sql_injection]) mySQL error: You have an error in your SQL syntax near '[sql_injection])' at line 2 mySQL error code: Date: Friday 12th of November 2004 06:53:25 PM -------------------------------------------------------------------------- This vulnerability found automatically by full-featured commercial version of MaxPatrol. II. IMPACT A remote user may be able to execute arbitrary SQL commands on the underlying database. III. SOLUTION To update your IPB 2.x board, simply download security update file, expand and upload "sources/post.php" over the one on your installation. IV. VENDOR FIX/RESPONSE Vulnerability is fixed. Security update: http://forums.invisionpower.com/index.php?showtopic=154916 http://forums.invisionpower.com/index.php?act=Attach&type=post&id=4992 V. CREDIT This vulnerability was discovered by Positive Technologies using MaxPatrol (www.maxpatrol.com) - intellectual professional security scanner. It is able to detect a substantial amount of vulnerabilities not published yet. MaxPatrol's intelligent algorithms are also capable to detect a lot of vulnerabilities in custom web-scripts (XSS, SQL and code injections, HTTP Response splitting).
Powered by blists - more mailing lists