Invision Power Top Site List index.php offset Variable SQL Injection

2003-12-16T14:05:43
ID OSVDB:3059
Type osvdb
Reporter OSVDB
Modified 2003-12-16T14:05:43

Description

Vulnerability Description

Invision Power Top Site List contains a validation flaw in the "offset" parameter that can be used to manipulate SQL queries, leading to a loss of integrity.

Technical Description

All versions up to v2.0 Alpha 3 are affected.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. The vendor will fix this vulnerability in the next release.

Short Description

Invision Power Top Site List contains a validation flaw in the "offset" parameter that can be used to manipulate SQL queries, leading to a loss of integrity.

Manual Testing Notes

Vulnerability test string: index.php?offset=[%20Problem%20Here%20]
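
The kind of input check that rejects the test string above, shown as an added example; it is not code from Invision Power Top Site List or from the advisory. It validates a pagination offset as a bounded non-negative integer and binds it as an integer parameter instead of concatenating it into the query. The `sites` table, its columns, the function names, `PAGE_SIZE` and `MAX_OFFSET` are all assumptions made for illustration.

```php
<?php
// Added example: hypothetical pagination code, not the product's source.
// The flaw class described above is a raw request value being concatenated
// into the SQL text; here the value is validated first and then bound.

const PAGE_SIZE  = 2;       // assumed page size
const MAX_OFFSET = 100000;  // assumed upper bound for a sane offset

/** Return the offset as an int, or null if it is not a plain integer in range. */
function parse_offset($raw): ?int
{
    if (!is_string($raw)) {  // rejects array input such as ?offset[]=1
        return null;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => MAX_OFFSET],
    ]);
    return $value === false ? null : $value;
}

/** List one page of site names; invalid offsets fall back to the first page. */
function list_sites(PDO $db, $rawOffset): array
{
    $offset = parse_offset($rawOffset) ?? 0;
    $stmt = $db->prepare(
        'SELECT name FROM sites ORDER BY votes DESC LIMIT :lim OFFSET :off'
    );
    // PARAM_INT matters: a string-typed bind in LIMIT/OFFSET breaks on some drivers.
    $stmt->bindValue(':lim', PAGE_SIZE, PDO::PARAM_INT);
    $stmt->bindValue(':off', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sites (name TEXT, votes INTEGER)');
$db->exec("INSERT INTO sites VALUES ('alpha', 40), ('bravo', 30), ('charlie', 20), ('delta', 10)");

// The second input is the advisory's test string after URL decoding.
foreach (['2', '[ Problem Here ]', '-1', '2abc'] as $raw) {
    $names = implode(',', list_sites($db, $raw));
    printf("%-20s => %s\n", var_export($raw, true), $names);
}
```

Only the first input is accepted as an offset; the other three fail validation and are served the first page, so none of them reaches the SQL text.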

References:

Secunia Advisory ID: 10447
Other Advisory URL: http://www.gulftech.org/12152003b.php
Nessus Plugin ID: 11956
Bugtraq ID: 9229