[38120] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

SQL Injection Vulnerability in Invision Community Blog

daemon@ATHENA.MIT.EDU (darkhawk matrix)
Mon Jan 10 13:52:40 2005

Date: 9 Jan 2005 04:51:32 -0000
Message-ID: <20050109045132.10139.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: darkhawk matrix <darkhawk.matrix@gmail.com>
To: bugtraq@securityfocus.com

Invision Community Blog <http://www.invisionblog.com/>, is a powerful blogging system that will plug straight into your Invision Power Board. Allow your members to create their own individual blogs. 
Invision Community Blog is a comprehensive system with a very easy to use interface.

Due to improper validation checks in the variable eid , it is possible for an attacker to manipulate an SQL query.

Example:

http://website/forum/index.php?automodule=blog&blogid=14&cmd=showentry&eid=4%20injectionhere

Website MATRIX 2K WebMasters & Hackers Association
http://www.matrix2k.org


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[38120] in bugtraq

SQL Injection Vulnerability in Invision Community Blog

daemon@ATHENA.MIT.EDU (darkhawk matrix)Mon Jan 10 13:52:40 2005

daemon@ATHENA.MIT.EDU (darkhawk matrix)
Mon Jan 10 13:52:40 2005