SQL Injection Vulnerability in Invision Community Blog

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SQL Injection Vulnerability in Invision Community Blog
From: darkhawk matrix <darkhawk.matrix@xxxxxxxxx>
Date: 9 Jan 2005 04:51:32 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


Invision Community Blog <http://www.invisionblog.com/>, is a powerful blogging 
system that will plug straight into your Invision Power Board. Allow your 
members to create their own individual blogs. 
Invision Community Blog is a comprehensive system with a very easy to use 
interface.

Due to improper validation checks in the variable eid , it is possible for an 
attacker to manipulate an SQL query.

Example:

http://website/forum/index.php?automodule=blog&blogid=14&cmd=showentry&eid=4%20injectionhere


Website MATRIX 2K WebMasters & Hackers Association
http://www.matrix2k.org

Prev by Date: [SECURITY] [DSA 631-1] New kdlibs packages fix arbitrary FTP command execution
Next by Date: [ GLSA 200501-17 ] KPdf, KOffice: More vulnerabilities in included Xpdf
Previous by thread: [SECURITY] [DSA 631-1] New kdlibs packages fix arbitrary FTP command execution
Next by thread: [ GLSA 200501-17 ] KPdf, KOffice: More vulnerabilities in included Xpdf
Index(es):
- Date
- Thread