[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: SQL-injections in Invision Power Board v2.0.1
From:       "Steven M. Christey" <coley () mitre ! org>
Date:       2005-04-27 5:43:58
Message-ID: 200504270543.j3R5hw5l005266 () linus ! mitre ! org
[Download RAW message or body]


This issue appears to be a rediscovery of a Bugtraq post by Alexander
Anisimov on November 18, 2004:

  [MaxPatrol] SQL-injection in Invision Power Board 2.x
  http://www.securityfocus.com/archive/1/381503

1) Both inject the SQL into the "qpid" parameter

2) Both deal with the "post" action ("act=Post") in index.php

3) The vendor fixed the issue as identified in the following forum
   post:

    http://forums.invisionpower.com/index.php?showtopic=154916


- Steve
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic