Invision Power Board (IP.Board) < 2.0 Alpha 3 - SQL Injection (PoC)

Invision Power Board (IP.Board) < 2.0 Alpha 3 – SQL Injection (PoC)

漏洞ID 1054301 漏洞类型
发布时间 2003-12-16 更新时间 2003-12-16
图片[1]-Invision Power Board (IP.Board) < 2.0 Alpha 3 - SQL Injection (PoC)-安全小百科CVE编号 N/A
图片[2]-Invision Power Board (IP.Board) < 2.0 Alpha 3 - SQL Injection (PoC)-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/43790
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
IP.Board SQL Injection

Vendor: Invision Power Services
Product: IP.Board
Version: <= 2.0 Alpha 3
Website: http://www.invisionboard.com/

BID: 9232 

Description:
Invision Power Board (IPB) is a professional forum system that has been built from the ground up with speed and security in mind, taking advantage of object oriented code, highly-optimized SQL queries, and the fast PHP engine. A comprehensive administration control panel is included to help you keep your board running smoothly. Moderators will also enjoy the full range of options available to them via built-in tools and moderators control panel. Members will appreciate the ability to subscribe to topics, send private messages, and perform a host of other options through the user control panel. It is used by millions of people over the world. 

Problem:
Invision Power Board is vulnerable to an SQL Injection Vulnerability. All versions up to 2.0 Alpha 3 seem to be affected. Below is an example URL to test if you are vulnerable. 

/index.php?showforum=1&prune_day=100&sort_by=Z-A&sort_key=[Problem_Is_Here] 

If you are vulnerable (you should be) you will see an error message similar to the one posted below. The only requirement is to know a valid forum number and to have read access to that forum (must be able to view it). 

mySQL query error: SELECT * from ibf_topics WHERE forum_id=2 and approved=1 
and (last_post > 0 OR pinned=1) ORDER BY pinned DESC, [Problem_Is_Here] DESC 
LIMIT 0,15

mySQL error: You have an error in your SQL syntax near '[Problem_Is_Here] 
DESC LIMIT 0,15' at line 1

mySQL error code: 
Date: Saturday 13th of December 2003 01:25:30 AM

Solution:
Invision Power Services have released a fix for this issue. 
http://www.invisionboard.com/download/index.php?act=dl&s=1&id=12&p=1 

Credits:
James Bercegay of the GulfTech Security Research Team.

相关推荐: Comment Board HTML Injection Vulnerabilities

Comment Board HTML Injection Vulnerabilities 漏洞ID 1099511 漏洞类型 Input Validation Error 发布时间 2003-09-24 更新时间 2003-09-24 CVE编号 N/A CN…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享