Ads Invision Power Board 2.1 <= 2.1.6 sql injection Monday, 17 July 2006 RST/GHC advisory#41 Product: Invision Power Board Version: 2.1 <= 2.1.6 Vendor: INVISION Power Service URL: http://www.invisionpower.com VULNERABILITY CLASS: SQL injection [Product Description] Invision Power Board, an award-winning scaleable bulletin board system, written in PHP, uses SQL database. "Invision Power Board is packed with useful features that enable you to quickly and painlessly configure and manage every aspect of your board." [Summary] Unsufficient sanitazing of the user depend data in HTTP header may lead to SQL injection attack. [Details] Data from HTTP variable CLIENT_IP puts directly to sql statement: [code] /sources/ipsclass.php $addrs[] = $_SERVER[HTTP_CLIENT_IP]; $addrs[] = $_SERVER[REMOTE_ADDR]; $addrs[] = $_SERVER[HTTP_PROXY_USER]; foreach ( $addrs as $ip ) { if ( $ip ) { $this->ip_address = $ip; break; } } [/code] [code] /sources/classes/class_session.php if ( $this->ipsclass->vars[match_ipaddress] == 1 ) { $query .= " AND ip_address=".$this->ipsclass->ip_address.""; } $this->ipsclass->DB->simple_construct(array( select => id, member_id, running_time, location, from => sessions, where => "id=".$session_id."".$query)); [/code] [Exploit] http://rst.void.ru/download/r57ipb216gui.txt [Bugfix] Upgrade to 2.1.7 version [Credits] 1dt.w0lf RST/GHC http://rst.void.ru http://ghc.ru   < Prev   Next > [ Back ]

Main Menu SpamAlerts | Windows | Linux | Tutorials | Excell | WhitePapers | News | Spam | Virus Windows Focus VNews Vulnerability Hacking Sql Injection map Downloads Affiliates Online Store Free Ringtones Seo Directory IWebListin Jobs in India Freshers Jobs listings. Winkeyfinder

Copyright 2005-2007 SpamAlertz.com, Content on this site is From variuos other emails, and Advisories.