https://www.exploit-db.com/exploits/24759
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-1116

ibProArcade是IPB论坛系统的一个模块。ibProArcade在处理用户提交给’category’字段的数据缺少充分过滤，远程攻击者可以利用这个漏洞进行SQL注入攻击，可能获得敏感信息或更改数据库。提交包含恶意SQL命令的数据，提交给”category”参数，可更改原来的SQL逻辑，获得数据库敏感信息或更改数据库。

source: http://www.securityfocus.com/bid/11719/info

A remote SQL injection vulnerability reportedly affects ipbProArcade. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query.

An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.

http://site.com/index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/*

For modules installed on Invision Power Board versions 2.X:
index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,legacy_password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/*

来源:XF
名称:ibproarcade-category-sql-injection(18180)
链接:http://xforce.iss.net/xforce/xfdb/18180
来源:BID
名称:11719
链接:http://www.securityfocus.com/bid/11719
来源:SECTRACK
名称:1012292
链接:http://securitytracker.com/id?1012292
来源:SECUNIA
名称:13260
链接:http://secunia.com/advisories/13260
来源:BUGTRAQ
名称:20041120IpbProArace2.5.xSQLinjection.
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110098512318132&w;=2
来源：NSFOCUS
名称：7142
链接：http://www.nsfocus.net/vulndb/7142