Bugtraq: Re: SQL-injections in Invision Power Board v2.0.1

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: SQL-injections in Invision Power Board v2.0.1

From: "Steven M. Christey" <coley () mitre org>
Date: Wed, 27 Apr 2005 01:43:58 -0400 (EDT)


This issue appears to be a rediscovery of a Bugtraq post by Alexander
Anisimov on November 18, 2004:

  [MaxPatrol] SQL-injection in Invision Power Board 2.x
  http://www.securityfocus.com/archive/1/381503

1) Both inject the SQL into the "qpid" parameter

2) Both deal with the "post" action ("act=Post") in index.php

3) The vendor fixed the issue as identified in the following forum
   post:

    http://forums.invisionpower.com/index.php?showtopic=154916


- Steve

By Date By Thread

Current thread:

SQL-injections in Invision Power Board v2.0.1 CENSORED (Apr 26)
- <Possible follow-ups>
- Re: SQL-injections in Invision Power Board v2.0.1 Steven M. Christey (Apr 27)