Invision Power Board memberlist.php st Variable SQL Injection

2005-04-09T02:24:48
ID OSVDB:15496
Type osvdb
Reporter OSVDB
Modified 2005-04-09T02:24:48

Description

Manual Testing Notes

http://[victim]/forums/index.php?act=Members&max_results=30&filter=1&sort_order=asc&sort_key=name&st=SQL_INJECTION

References:

Vendor URL: http://www.invisionboard.com/ Security Tracker: 1013676 Other Advisory URL: http://www.digitalparadox.org/advisories/inv.txt ISS X-Force ID: 20059 CVE-2005-1070 Bugtraq ID: 13097