List: bugtraq
Subject: SQL Injection Vulnerability in Invision Community Blog
From: darkhawk matrix <darkhawk.matrix () gmail ! com>
Date: 2005-01-09 4:51:32
Message-ID: 20050109045132.10139.qmail () www ! securityfocus ! com
Invision Community Blog <http://www.invisionblog.com/> is a powerful blogging system
that will plug straight into your Invision Power Board. Allow your members to create
their own individual blogs. Invision Community Blog is a comprehensive system with a
very easy to use interface.
Due to improper validation checks in the variable eid, it is possible for an
attacker to manipulate an SQL query.
Example:
http://website/forum/index.php?automodule=blog&blogid=14&cmd=showentry&eid=4%20injectionhere
Website MATRIX 2K WebMasters & Hackers Association
http://www.matrix2k.org
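
A log check for the request shape shown in the advisory, added here as an example and not part of the original message: it flags blog-module requests whose eid or blogid is not a plain integer after URL decoding. The combined access-log format, the treatment of blogid as an integer, and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the blog module is assumed to treat as integer ids.
# Both names come from the advisory's example URL.
NUMERIC_PARAMS = ("eid", "blogid")
_DIGITS = re.compile(r"[0-9]{1,10}")  # ASCII digits only, bounded length
# Request target inside a combined-format access log line (assumed log format).
_REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_params(target):
    """Return {param: decoded_value} for blog id parameters that are not plain integers."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if query.get("automodule", [""])[0] != "blog":
        return {}
    bad = {}
    for name in NUMERIC_PARAMS:
        # Check every occurrence so a duplicated parameter cannot hide a bad value.
        for value in query.get(name, []):
            if not _DIGITS.fullmatch(value):
                bad[name] = value
    return bad


def scan(lines):
    """Yield (line_number, findings) for each log line carrying a non-integer id."""
    for number, line in enumerate(lines, 1):
        match = _REQUEST.search(line)
        if not match:
            continue
        findings = suspicious_params(match.group(1))
        if findings:
            yield number, findings


# Constructed sample log lines (documentation addresses).
# Line 2 carries the request from the advisory's example URL.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jan/2005:04:40:01 +0000] "GET /forum/index.php?automodule=blog&blogid=14&cmd=showentry&eid=4 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [09/Jan/2005:04:51:32 +0000] "GET /forum/index.php?automodule=blog&blogid=14&cmd=showentry&eid=4%20injectionhere HTTP/1.1" 200 312',
    '192.0.2.10 - - [09/Jan/2005:04:52:10 +0000] "GET /forum/index.php?showtopic=99&eid=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```

The same digits-only test, applied in the application before eid reaches the query, is the input validation the advisory reports as missing.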