
List:       bugtraq
Subject:    [MaxPatrol] SQL-injection in Invision Power Board 2.x
From:       Alexander Anisimov <anisimov () ptsecurity ! com>
Date:       2004-11-18 10:14:37
Message-ID: 20041118101437.11239.qmail () www ! securityfocus ! com




   [ SQL-injection in Invision Power Board 2.x ]

       MaxPatrol Security Advisory 11.18.04
              November 18, 2004

   Release Date:     November 18, 2004
   Date Reported:    November 12, 2004
   Severity:         High
   Application:      Invision Power Board v2.x
   Affects versions: IPB 2.0.0, IPB 2.0.1 and IPB 2.0.2.
   Platform:         PHP


I. DESCRIPTION

   An input validation vulnerability was reported in Invision Power Board v2.x. A
   remote user can conduct an SQL injection attack.


   Example:

   http://site/forum/index.php?act=Post&CODE=02&f=2&t=1&qpid=1[sql_injection]


   Result:

 --------------------------------------------------------------------------
   mySQL query error: select p.*,t.forum_id FROM ibf_posts p LEFT JOIN ibf_topics t ON (t.tid=p.topic_id)  WHERE pid IN (1[sql_injection])
   
   mySQL error: You have an error in your SQL syntax near '[sql_injection])' at line 2  mySQL error code: 
   Date: Friday 12th of November 2004 06:53:25 PM
 --------------------------------------------------------------------------


   This vulnerability was found automatically by the full-featured commercial
   version of MaxPatrol.


II. IMPACT

   A remote user may be able to execute arbitrary SQL commands on the underlying
   database.


III. SOLUTION

   To update your IPB 2.x board, download the security update file, expand it and
   upload "sources/post.php" over the one on your installation.
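
   The error output in section I shows the "qpid" value landing unmodified inside
   "IN (...)". The sketch below is an added example, not the vendor's patch and not
   code from IPB: it shows one way to validate such an ID list and bind it through
   placeholders. The function names and the 50-ID limit are assumptions; the table
   and column names are copied from the error output.

```php
<?php
/**
 * Parse a comma-separated post-id list (the shape of the "qpid" parameter)
 * into unique positive integers. Returns null if any token is not a plain
 * decimal number, so the caller rejects the request instead of guessing.
 */
function parse_id_list(string $raw, int $maxIds = 50): ?array
{
    $ids = [];
    foreach (explode(',', $raw) as $token) {
        $token = trim($token);
        if ($token === '') {
            continue;                    // tolerate "1,,2" and trailing commas
        }
        // ctype_digit() rejects signs, quotes, brackets and any SQL syntax;
        // the length cap keeps the value inside a 32-bit signed integer.
        if (!ctype_digit($token) || strlen($token) > 9 || (int) $token < 1) {
            return null;
        }
        $ids[(int) $token] = true;       // array key de-duplicates
    }
    return count($ids) > $maxIds ? null : array_keys($ids);
}

/** One "?" per id; the values travel as bound parameters, never as SQL text. */
function build_quoted_posts_query(array $ids): array
{
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $sql = 'SELECT p.*, t.forum_id FROM ibf_posts p '
         . 'LEFT JOIN ibf_topics t ON (t.tid = p.topic_id) '
         . "WHERE pid IN ($placeholders)";
    return [$sql, $ids];
}

// Constructed sample inputs; the last one is the advisory's own placeholder.
foreach (['1', '1,2, 3', '', '1[sql_injection]'] as $raw) {
    $ids = parse_id_list($raw);
    if ($ids === null || $ids === []) {
        echo "reject: '$raw'\n";
        continue;
    }
    [$sql, $params] = build_quoted_posts_query($ids);
    // With PDO: $pdo->prepare($sql)->execute($params);
    echo "$sql  -- params: " . implode(',', $params) . "\n";
}
```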


IV. VENDOR FIX/RESPONSE

   Vulnerability is fixed.

   Security update:

   http://forums.invisionpower.com/index.php?showtopic=154916
   http://forums.invisionpower.com/index.php?act=Attach&type=post&id=4992


V. CREDIT

   This vulnerability was discovered by Positive Technologies using MaxPatrol 
   (www.maxpatrol.com), an intelligent professional security scanner. It is able 
   to detect a substantial number of vulnerabilities that have not yet been 
   published. MaxPatrol's intelligent algorithms are also capable of detecting 
   many vulnerabilities in custom web scripts (XSS, SQL and code injections, HTTP 
   response splitting).

