Invision Power Board search.php st Variable SQL Injection

2004-02-28T07:02:07
ID OSVDB:4103
Type osvdb
Reporter Knight Commander(knight4vn@yahoo.com)
Modified 2004-02-28T07:02:07

Description

Vulnerability Description

Invision Power Board contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'st' variable in the in 'search.php' script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Invision Power Board Services has released a patch to address this vulnerability.

Short Description

Invision Power Board contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'st' variable in the in 'search.php' script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

Manual Testing Notes

http://[victim]/forum/index.php?act=Search&nav=lv&CODE=show&searchid=&search_in=topics&result_type=topics&hl=&st=20[SQL code]/*

References:

Vendor URL: http://www.invisionboard.com/ Secunia Advisory ID:11008 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-02/0684.html ISS X-Force ID: 15343 CVE-2004-0338 Bugtraq ID: 9766