[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: [MaxPatrol] SQL-injection in Invision Power Board 2.x
From: Alexander Anisimov <anisimov () ptsecurity ! com>
Date: 2004-11-18 10:14:37
Message-ID: 20041118101437.11239.qmail () www ! securityfocus ! com
[Download RAW message or body]
[ SQL-injection in Invision Power Board 2.x ]
MaxPatrol Security Advisory 11.18.04
November 18, 2004
Release Date: November 18, 2004
Date Reported: November 12, 2004
Severity: High
Application: Invision Power Board v2.x
Affects versions: IPB 2.0.0, IPB 2.0.1 and IPB 2.0.2.
Platform: PHP
I. DESCRIPTION
An input validation vulnerability was reported in Invision Power Board v2.x. A \
remote user can conduct SQL injection attack.
Example:
http://site/forum/index.php?act=Post&CODE=02&f=2&t=1&qpid=1[sql_injection]
Result:
--------------------------------------------------------------------------
mySQL query error: select p.*,t.forum_id FROM ibf_posts p LEFT JOIN ibf_topics t \
ON (t.tid=p.topic_id) WHERE pid IN (1[sql_injection])
mySQL error: You have an error in your SQL syntax near '[sql_injection])' at line \
2 mySQL error code:
Date: Friday 12th of November 2004 06:53:25 PM
--------------------------------------------------------------------------
This vulnerability found automatically by full-featured commercial version of \
MaxPatrol.
II. IMPACT
A remote user may be able to execute arbitrary SQL commands on the underlying \
database.
III. SOLUTION
To update your IPB 2.x board, simply download security update file, expand and \
upload "sources/post.php" over the one on your installation.
IV. VENDOR FIX/RESPONSE
Vulnerability is fixed.
Security update:
http://forums.invisionpower.com/index.php?showtopic=154916
http://forums.invisionpower.com/index.php?act=Attach&type=post&id=4992
V. CREDIT
This vulnerability was discovered by Positive Technologies using MaxPatrol
(www.maxpatrol.com) - intellectual professional security scanner. It is able
to detect a substantial amount of vulnerabilities not published yet.
MaxPatrol's intelligent algorithms are also capable to detect a lot of
vulnerabilities in custom web-scripts (XSS, SQL and code injections, HTTP
Response splitting).
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic