[38621] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: SQL-injections in Invision Power Board v2.0.1

daemon@ATHENA.MIT.EDU (Steven M. Christey)
Wed Apr 27 13:50:01 2005

Date: Wed, 27 Apr 2005 01:43:58 -0400 (EDT)
Message-Id: <200504270543.j3R5hw5l005266@linus.mitre.org>
From: "Steven M. Christey" <coley@mitre.org>
To: bugtraq@securityfocus.com


This issue appears to be a rediscovery of a Bugtraq post by Alexander
Anisimov on November 18, 2004:

  [MaxPatrol] SQL-injection in Invision Power Board 2.x
  http://www.securityfocus.com/archive/1/381503

1) Both inject the SQL into the "qpid" parameter

2) Both deal with the "post" action ("act=Post") in index.php

3) The vendor fixed the issue as identified in the following forum
   post:

    http://forums.invisionpower.com/index.php?showtopic=154916


- Steve


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[38621] in bugtraq

Re: SQL-injections in Invision Power Board v2.0.1

daemon@ATHENA.MIT.EDU (Steven M. Christey)Wed Apr 27 13:50:01 2005

daemon@ATHENA.MIT.EDU (Steven M. Christey)
Wed Apr 27 13:50:01 2005