Bugtraq mailing list archives

Re: Multiple Vulnerabilities in Invision Power Board v1.3.1 Final.
From: "JvdR" <thewarlock () home nl>
Date: Thu, 10 Jun 2004 02:12:11 +0200

Dear Mike,

The CSS vulnerabilities are based on previous versions of IPB,
the vendor did not feel to fix them with update 1.3 > 1.3.1 final.
see http://securityfocus.com/bid/9768

Multiple SQL Injection Vulnerabilities were already found in IPB,
http://securityfocus.com/bid/7290
http://securityfocus.com/bid/9232

The problem that the vendor did fix was a vulnerability in the calendar.
http://securityfocus.com/bid/9353

In history IPB was more than once vulnerable to SQL injections of the
same type, so there is no reason to provide them with old information.

Another reason is that those kinds of vulns. are common, old news....
a query in Google results in 100.000 full instructions to exploit them,
for ISPs it's quite easy to block these requests and minimize the risks.


Mike Healan wrote:
> Where is the vendor response to this? From what I can see at their
> support site, they've never heard of these two problems.
>
> Let me guess, you never bothered to contact them and instead elected to
> publicize full instructions to exploit software in use at over 100,000
> web sites?

BR,
Jan van de Rijt.
--->
http://members.home.nl/thewarlock
