<<< Date Index >>>     <<< Thread Index >>>

SQL-injections in Invision Power Board v2.0.1




******************************************************** 
 SQL-injections in Invision Power Board v2.0.1 
******************************************************** 
-------------------------- 
Program: IPB 2.0.1 
Homepage: http://www.invisionboard.com 
Vulnerable Versions: IPB 2.0.1 
Has found: CENSORED 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerability has been found in forum Invision Power Board v2.0.1 
At citing messages. 
Here an example: 
http://127.0.0.1/forum/index.php? act=PostCODE=02f=4t=2qpid=2 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

If in the end of parameter to put ' the forum swears on 
Syntactic mistake: 

mySQL query error: select p. *, t.forum_id FROM ibf_posts p 
LEFT JOIN ibf_topics t ON (t.tid=p.topic_id) WHERE pid IN () 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

SQL an injection 
Example: 
http://127.0.0.1/forum/index.php? act=PostCODE=02f=4t=3qpid = ' [SQL] 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

I tested vulnerability for versions 2.0.1 
Other versions as can be mentioned. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

As have been found vulnerability of other character, but about them 
I shall not inform yet:) 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
On any questions address: 

CENSORED [SVT]-Search Vulnerabilities Team 
www.security-tmp.net.ru 

*********************************************************