35 matches found
Sql injection in ibProArcade
Sql injection in ibProArcade. This bug was discoverd in all of the versions of ibproarcade 2.x. It was tested and found perfectly working under vBulettin or Invision power board. Date:2005-11-5 The injection is here: module=report&user=userid Query: 'SELECT name FROM ibfmembers WHERE id=userid'...
ibProArcade 2.x module (vBulletin/IPB) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications =================================================================== ibProArcade 2.x module vBulletin/IPB Remote SQL Injection Exploit =================================================================== Rankings for name will state the md5...
ibProArcade 2.x - module vBulletinIPB SQL Injection
ibProArcade 2.x - module vBulletinIPB SQL Injection Rankings for name will state the md5 hash for the user /str0ke ibProArcade 2.x IPB: index.php?act=Arcade&module=report&user=-1 union select password from ibfmembers where id=anyuser vBulettin forums: index.php?act=ibProArcade&module=report&user=...
ibProArcade 2.x - module 'vBulletin/IPB' SQL Injection
Rankings for name will state the md5 hash for the user /str0ke ibProArcade 2.x IPB: index.php?act=Arcade&module=report&user=-1 union select password from ibfmembers where id=anyuser vBulettin forums: index.php?act=ibProArcade&module=report&user=-1 union select password from user where...
ibProArcade 2.x module (vBulletin/IPB) Remote SQL Injection Exploit
No description provided by source. Rankings for name will state the md5 hash for the user /str0ke ibProArcade 2.x IPB: index.php?act=Arcade&module=report&user=-1 union select password from ibfmembers where id=anyuser vBulettin forums: index.php?act=ibProArcade&module=report&user=-1 union select...
CVE-2004-1536
SQL injection vulnerability in index.php in the ibProArcade module for Invision Power Board IPB 1.x and 2.x allows remote attackers to execute arbitrary SQL commands via the cat parameter...
CVE-2004-1536
CVE-2004-1536 affects the ibProArcade module of Invision Power Board (IPB) 1.x and 2.x. The vulnerability is a SQL injection in index.php through the cat parameter, allowing remote attackers to execute arbitrary SQL commands on the backend database. The Nessus/NVD/CVE references confirm remote-ex...
CVE-2004-1430
SQL injection vulnerability CVE-2004-1430 affects IbProArcade’s show_stats module (Arcade.php) where the gameid parameter can be exploited to inject arbitrary SQL. This is remote and arises from input handling in the application’s PHP code. The available sources confirm the vulnerability and base...
CVE-2004-1430
SQL injection vulnerability in the showstats module in Arcade.php in IbProArcade allows remote attackers to execute arbitrary SQL code via the gameid parameter...
[UNIX] SQL Injection Vulnerability in IBProArcade (Arcade.php)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
SQL Injection Vulnerability In IBProArcade
A flaw exists in the high scores module of IbProArcade which allows malicious SQL Code to be executed on the database the board & arcade use. Demo: http://www.ibproarcade.com/index.php?act=Arcade&do=stats&gameid=104FOO Fix this vuln by following the following directions... open your...
IBProArcade index.php Arcade Module gameid Parameter SQL Injection
The remote host is running ibProArcade, a web-based score board system written in PHP. One of the application's CGIs, index.php, is affected by a SQL injection vulnerability in the 'gameid' parameter. An attacker may exploit this flaw to execute arbitrary SQL statements against the remote databas...
CVE-2004-1430
SQL injection vulnerability in the showstats module in Arcade.php in IbProArcade allows remote attackers to execute arbitrary SQL code via the gameid parameter...
CVE-2004-1536
SQL injection vulnerability in index.php in the ibProArcade module for Invision Power Board IPB 1.x and 2.x allows remote attackers to execute arbitrary SQL commands via the cat parameter...
Invision Power Board ibProArcade Module index.php cat Parameter SQL Injection
The installation of Invision Power Board on the remote host includes an optional module, named 'Arcade', that allows unauthorized users to inject SQL commands into the remote SQL database through the 'cat' parameter. An attacker may use this flaw to gain control of the remote database and possibl...