SQL Injection Vulnerability In IBProArcade

From: mike bailey (mike_at_ub3r.net)
Date: 12/31/04

  • Next message: houseofdabus HOD: "[EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC"
    Date: 31 Dec 2004 13:19:01 -0000
    To: bugtraq@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is)

    A flaw exists in the high scores module of IbProArcade which allows malicious SQL Code to be executed on the database the board & arcade use.

    Demo: http://www.ibproarcade.com/index.php?act=Arcade&do=stats&gameid=104FOO

    Fix this vuln by following the following directions...

    open your sources/Arcade.php file

    Find this code bit:

    [code] //----------------------------------------
           // Show_Stats
           //
           // This shows the leaderboard
           //
           //----------------------------------------

           function show_stats() {

                   global $ibforums, $DB, $std;[/code]

    Directly under that, add..

    [code]if(!is_numeric($ibforums->input['gameid']))
              {
                   $std->Error( array( 'LEVEL' => 1, 'MSG' => 'dont_try_it') );
              }[/code]

    then open up your lang/en/lang_Arcade.php file scroll down to the bottom where you will find

    [code] );

    ?>[/code]

    right above that, add this:

    [code]
    #security
    dont_try_it => "I don't think so annie."[/code]

    And you're set.


  • Next message: houseofdabus HOD: "[EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC"