
List:       bugtraq
Subject:    SQL Injection Vulnerability in Invision Community Blog
From:       darkhawk matrix <darkhawk.matrix () gmail ! com>
Date:       2005-01-09 4:51:32
Message-ID: 20050109045132.10139.qmail () www ! securityfocus ! com



Invision Community Blog <http://www.invisionblog.com/> is a powerful blogging system
that will plug straight into your Invision Power Board. It allows your members to create
their own individual blogs. Invision Community Blog is a comprehensive system with a
very easy to use interface.

Due to improper validation of the eid variable, it is possible for an
attacker to manipulate an SQL query.

Example:

http://website/forum/index.php?automodule=blog&blogid=14&cmd=showentry&eid=4%20injectionhere



Website MATRIX 2K WebMasters & Hackers Association
http://www.matrix2k.org
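
Added example, not part of the original advisory and not Invision's code: the strict integer check that the advisory says is missing for eid, applied to web-server access logs to find showentry requests that carry a non-numeric eid. The log format (Common Log Format), the 10-digit id limit, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: entry ids are short, unsigned decimal integers.
ENTRY_ID_RE = re.compile(r"[0-9]{1,10}")
# Request part of a Common Log Format line: client ... "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def parse_entry_id(raw):
    """Return eid as an int, or None when it is not a plain decimal integer."""
    if raw is None or not ENTRY_ID_RE.fullmatch(raw):
        return None
    return int(raw)


def flag_bad_eid(log_lines):
    """Return (client, target) for blog showentry requests whose eid fails validation."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if params.get("automodule") != ["blog"] or params.get("cmd") != ["showentry"]:
            continue
        # parse_qs percent-decodes, so "4%20injectionhere" is checked as "4 injectionhere".
        if any(parse_entry_id(v) is None for v in params.get("eid", [])):
            hits.append((client, target))
    return hits


# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jan/2005:04:40:01 +0000] "GET /forum/index.php?automodule=blog&blogid=14&cmd=showentry&eid=4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [09/Jan/2005:04:51:32 +0000] "GET /forum/index.php?automodule=blog&blogid=14&cmd=showentry&eid=4%20injectionhere HTTP/1.1" 200 311',
    '192.0.2.10 - - [09/Jan/2005:04:52:10 +0000] "GET /forum/index.php?showtopic=7 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, target in flag_bad_eid(SAMPLE_LOG):
        print(client, target)
```

The same parse_entry_id check, applied in the application before eid reaches the query (together with a bound parameter), is the corresponding fix on the server side.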

