Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web BBS :: Frequently Exploited :: hack4121.htm

Invision Power Board 2.x SQL Inj
[MaxPatrol] SQL-injection in Invision Power Board 2.x

   [ SQL-injection in Invision Power Board 2.x ]

       MaxPatrol Security Advisory 11.18.04

              November 18, 2004

   Release Date:     November 18, 2004

   Date Reported:    November 12, 2004

   Severity:         High

   Application:      Invision Power Board v2.x

   Affects versions: IPB 2.0.0, IPB 2.0.1 and IPB 2.0.2.

   Platform:         PHP


   An input validation vulnerability was reported in Invision Power Board v2.x. A remote user can conduct SQL injection attack.


   http://site/forum/index.php?act=Post&CODE=02&f=2&t=1&qpid=1[sql_i njection]



   mySQL query error: select p.*,t.forum_id FROM ibf_posts p LEFT JOIN ibf_topics t ON (t.tid=p.topic_id)

                                   WHERE pid IN (1[sql_injection])


   mySQL error: You have an error in your SQL syntax near '[sql_injection])' at line 2

   mySQL error code: 

   Date: Friday 12th of November 2004 06:53:25 PM


   This vulnerability found automatically by full-featured commercial version of MaxPatrol.


   A remote user may be able to execute arbitrary SQL commands on the underlying database.


   To update your IPB 2.x board, simply download security update file, expand and upload "sources/post.php" over the one on your installation.


   Vulnerability is fixed.

   Security update: 992


   This vulnerability was discovered by Positive Technologies using MaxPatrol 

   ( - intellectual professional security scanner. It is able 

   to detect a substantial amount of vulnerabilities not published yet. 

   MaxPatrol's intelligent algorithms are also capable to detect a lot of 

   vulnerabilities in custom web-scripts (XSS, SQL and code injections, HTTP 

   Response splitting).

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH