IPB <= 2.1.5 SQL inj. vuln.

2006-04-20T00:00:00
ID SECURITYVULNS:DOC:12324
Type securityvulns
Reporter Securityvulns
Modified 2006-04-20T00:00:00

Description

IPB <= 2.1.5 SQL inj. vuln.

Vuln. discovered by : r0t Date: 19 april 2006 vendorlink:http://www.invisionboard.com/ affected versions:2.1.5 and previous orginal advisory: http://pridels.blogspot.com/2006/04/ipb-215-sql-inj-vuln.html

Vuln. Description:

IPB contains a flaw that allows a remote sql injection attacks.Input passed to the "st" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:

/index.php?act=Online&st=-1[SQL]

Solution: Edit the source code to ensure that input is properly sanitised.

More information @ unsecured-systems.com/forum/