lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <719495543.20041119120344@ptsecurity.ru>
From: aanisimov at ptsecurity.ru (aanisimov@...ecurity.ru)
Subject: [MaxPatrol] SQL-injection in Invision Power Board 2.x

   [ SQL-injection in Invision Power Board 2.x ]

       MaxPatrol Security Advisory 11.18.04
              November 18, 2004


   Release Date:     November 18, 2004
   Date Reported:    November 12, 2004
   Severity:         High
   Application:      Invision Power Board v2.x
   Affects versions: IPB 2.0.0, IPB 2.0.1 and IPB 2.0.2.
   Platform:         PHP


I. DESCRIPTION

   An input validation vulnerability was reported in Invision Power Board v2.x. A remote user can conduct SQL injection attack.


   Example:

   http://site/forum/index.php?act=Post&CODE=02&f=2&t=1&qpid=1[sql_injection]


   Result:

 --------------------------------------------------------------------------
   mySQL query error: select p.*,t.forum_id FROM ibf_posts p LEFT JOIN ibf_topics t ON (t.tid=p.topic_id)
                                   WHERE pid IN (1[sql_injection])
   
   mySQL error: You have an error in your SQL syntax near '[sql_injection])' at line 2
   mySQL error code: 
   Date: Friday 12th of November 2004 06:53:25 PM
 --------------------------------------------------------------------------


   This vulnerability found automatically by full-featured commercial version of MaxPatrol.


II. IMPACT

   A remote user may be able to execute arbitrary SQL commands on the underlying database.


III. SOLUTION

   To update your IPB 2.x board, simply download security update file, expand and upload "sources/post.php" over the one on your installation.


IV. VENDOR FIX/RESPONSE

   Vulnerability is fixed.

   Security update:

   http://forums.invisionpower.com/index.php?showtopic=154916
   http://forums.invisionpower.com/index.php?act=Attach&type=post&id=4992


V. CREDIT

   This vulnerability was discovered by Positive Technologies using MaxPatrol 
   (www.maxpatrol.com) - intellectual professional security scanner. It is able 
   to detect a substantial amount of vulnerabilities not published yet. 
   MaxPatrol's intelligent algorithms are also capable to detect a lot of 
   vulnerabilities in custom web-scripts (XSS, SQL and code injections, HTTP 
   Response splitting).



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ