SQL-injections in Invision Power Board v2.0.1

From: CENSORED (censored_at_mail.ru)
Date: 04/25/05

Next message: Zinho: "[Hackers Center Security Group] Sqwebmail Http Splitting Vulnerability"

Previous message: ViPeR: "IE - cross site click detection?"
Next in thread: Steven M. Christey: "Re: SQL-injections in Invision Power Board v2.0.1"
Maybe reply: Steven M. Christey: "Re: SQL-injections in Invision Power Board v2.0.1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 25 Apr 2005 21:29:16 -0000
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is)

********************************************************
SQL-injections in Invision Power Board v2.0.1
********************************************************
--------------------------
Program: IPB 2.0.1
Homepage: http://www.invisionboard.com
Vulnerable Versions: IPB 2.0.1
Has found: CENSORED
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerability has been found in forum Invision Power Board v2.0.1
At citing messages.
Here an example:
http://127.0.0.1/forum/index.php? act=PostCODE=02f=4t=2qpid=2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If in the end of parameter to put ' the forum swears on
Syntactic mistake:

mySQL query error: select p. *, t.forum_id FROM ibf_posts p
LEFT JOIN ibf_topics t ON (t.tid=p.topic_id) WHERE pid IN ()
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SQL an injection
Example:
http://127.0.0.1/forum/index.php? act=PostCODE=02f=4t=3qpid = ' [SQL]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I tested vulnerability for versions 2.0.1
Other versions as can be mentioned.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

As have been found vulnerability of other character, but about them
I shall not inform yet:)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
On any questions address:

CENSORED [SVT]-Search Vulnerabilities Team
www.security-tmp.net.ru

*********************************************************

Next message: Zinho: "[Hackers Center Security Group] Sqwebmail Http Splitting Vulnerability"

Previous message: ViPeR: "IE - cross site click detection?"
Next in thread: Steven M. Christey: "Re: SQL-injections in Invision Power Board v2.0.1"
Maybe reply: Steven M. Christey: "Re: SQL-injections in Invision Power Board v2.0.1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Multiple Vulnerabilities In Invision Power Board
... Invision Power Board is a professional forum system that ... versions of Invision Power Board are vulnerable to a serious ... SQL Injection vulnerability if magic_quotes_gpc is set to off. ... An attacker does not have to be logged in, ...
(Bugtraq)
[Full-Disclosure] [MAXPATROL Security Advisories] Cross site scripting in Invision Power Board
... [MAXPATROL Security Advisories] ... Cross site scripting in Invision Power Board ... This vulnerability was discovered by Positive Technologies using MaxPatrol ...
(Full-Disclosure)
[MAXPATROL Security Advisories] Cross site scripting in Invision Power Board
... [MAXPATROL Security Advisories] ... Cross site scripting in Invision Power Board ... This vulnerability was discovered by Positive Technologies using MaxPatrol ...
(Bugtraq)
[MAXPATROL Security Advisories] Cross site scripting in Invision Power Board
... [MAXPATROL Security Advisories] ... Cross site scripting in Invision Power Board ... This vulnerability was discovered by Positive Technologies using MaxPatrol ...
(Full-Disclosure)
[MaxPatrol] SQL-injection in Invision Power Board 2.x
... An input validation vulnerability was reported in Invision Power Board v2.x. ... A remote user may be able to execute arbitrary SQL commands on the underlying database. ... - intellectual professional security scanner. ...
(Bugtraq)