<<< Date Index >>>     <<< Thread Index >>>

Invision Power Board v2.1 <= 2.1.6 sql injection exploit



exploit: http://www.milw0rm.com/exploits/2010

bug report: 
http://forums.invisionpower.com/index.php?autocom=bugtracker&code=show_bug&bug_title_id=2043&bug_cat_id=3

exploit allows:

* Create new admin accounts
* Read existing account info, including session ID's.
* Read password hashes.
* Read just about any field in the database.

Allegedly patched in v2.1.7.


regards.