Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: Frequently Exploited :: hack4121.htm

Invision Power Board 2.x SQL Inj



[MaxPatrol] SQL-injection in Invision Power Board 2.x





   [ SQL-injection in Invision Power Board 2.x ]



       MaxPatrol Security Advisory 11.18.04

              November 18, 2004



   Release Date:     November 18, 2004

   Date Reported:    November 12, 2004

   Severity:         High

   Application:      Invision Power Board v2.x

   Affects versions: IPB 2.0.0, IPB 2.0.1 and IPB 2.0.2.

   Platform:         PHP





I. DESCRIPTION



   An input validation vulnerability was reported in Invision Power Board v2.x. A remote user can conduct SQL injection attack.





   Example:



   http://site/forum/index.php?act=Post&CODE=02&f=2&t=1&qpid=1[sql_i njection]





   Result:



 --------------------------------------------------------------------------

   mySQL query error: select p.*,t.forum_id FROM ibf_posts p LEFT JOIN ibf_topics t ON (t.tid=p.topic_id)

                                   WHERE pid IN (1[sql_injection])

   

   mySQL error: You have an error in your SQL syntax near '[sql_injection])' at line 2

   mySQL error code: 

   Date: Friday 12th of November 2004 06:53:25 PM

 --------------------------------------------------------------------------





   This vulnerability found automatically by full-featured commercial version of MaxPatrol.





II. IMPACT



   A remote user may be able to execute arbitrary SQL commands on the underlying database.





III. SOLUTION



   To update your IPB 2.x board, simply download security update file, expand and upload "sources/post.php" over the one on your installation.





IV. VENDOR FIX/RESPONSE



   Vulnerability is fixed.



   Security update:



   http://forums.invisionpower.com/index.php?showtopic=154916 

   http://forums.invisionpower.com/index.php?act=Attach&type=post&id=4 992





V. CREDIT



   This vulnerability was discovered by Positive Technologies using MaxPatrol 

   (www.maxpatrol.com) - intellectual professional security scanner. It is able 

   to detect a substantial amount of vulnerabilities not published yet. 

   MaxPatrol's intelligent algorithms are also capable to detect a lot of 

   vulnerabilities in custom web-scripts (XSS, SQL and code injections, HTTP 

   Response splitting).



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH