Bugtraq mailing list archives
Re: Multiple Vulnerabilities in Invision Power Board v1.3.1 Final.
From: Hillel Himovich <hll () netvision net il>
Date: 11 Jun 2004 15:53:13 -0000
In-Reply-To: <000d01c44d68$51a14ec0$05a0968c@p42800mhz>
Compromise: SQL Injection, Cross site Scripting. Vulnerable Systems: Invision Power Board v1.3.1 Final. Details: An Input Validation Error exists in ssi.php. $sql_fields is vulnerable to An Input Validation Error. How to exploit this bug? http://TARGET/ssi.php?a=out&type=xml&f=0)[SQL-INJECTION]
I guss, you are reffering this line in the SQL Statment... WHERE t.forum_id IN ($sql_fields) I downloaded IPB 1.3.1 F and digiid for a fwe seconds, if you look a bit up in the code u'll see: $f = intval($f); if ( $f ) { $forums[] = $f; } ........... ........... $sql_fields = implode( ",", $forums ); intval, means that u can't enter string in the f field...
Current thread:
- Multiple Vulnerabilities in Invision Power Board v1.3.1 Final. JvdR (Jun 09)
- Re: Multiple Vulnerabilities in Invision Power Board v1.3.1 Final. Mike Healan (Jun 10)
- <Possible follow-ups>
- Re: Multiple Vulnerabilities in Invision Power Board v1.3.1 Final. Hillel Himovich (Jun 11)