[38608] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

SQL-injections in Invision Power Board v2.0.1

daemon@ATHENA.MIT.EDU (CENSORED)
Tue Apr 26 16:45:16 2005

Date: 25 Apr 2005 21:29:16 -0000
Message-ID: <20050425212916.23448.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: CENSORED <censored@mail.ru>
To: bugtraq@securityfocus.com



******************************************************** 
 SQL-injections in Invision Power Board v2.0.1 
******************************************************** 
-------------------------- 
Program: IPB 2.0.1 
Homepage: http://www.invisionboard.com 
Vulnerable Versions: IPB 2.0.1 
Has found: CENSORED 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerability has been found in forum Invision Power Board v2.0.1 
At citing messages. 
Here an example: 
http://127.0.0.1/forum/index.php? act=PostCODE=02f=4t=2qpid=2 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

If in the end of parameter to put ' the forum swears on 
Syntactic mistake: 

mySQL query error: select p. *, t.forum_id FROM ibf_posts p 
LEFT JOIN ibf_topics t ON (t.tid=p.topic_id) WHERE pid IN () 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

SQL an injection 
Example: 
http://127.0.0.1/forum/index.php? act=PostCODE=02f=4t=3qpid = ' [SQL] 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

I tested vulnerability for versions 2.0.1 
Other versions as can be mentioned. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

As have been found vulnerability of other character, but about them 
I shall not inform yet:) 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
On any questions address: 

CENSORED [SVT]-Search Vulnerabilities Team 
www.security-tmp.net.ru 

*********************************************************

home	help	back	first	fref	pref	prev	next	nref	lref	last	post