• info
• discussion
• exploit
• solution
• references

Invision Power Board Search.PHP "st" SQL Injection Vulnerability

Solution:
The vendor has released a patch to address this issue in the search search.php script:


Invision Power Services Invision Board 1.0

• Invision Power Services search.zip
  http://forums.invisionpower.com/index.php?s=bc4e9438d266206887560633dc e21d30&act=Attach&type=post&id=1298

Invision Power Services Invision Board 1.0.1

• Invision Power Services search.zip
  http://forums.invisionpower.com/index.php?s=bc4e9438d266206887560633dc e21d30&act=Attach&type=post&id=1298

Invision Power Services Invision Board 1.1.1

• Invision Power Services search.zip
  http://forums.invisionpower.com/index.php?s=bc4e9438d266206887560633dc e21d30&act=Attach&type=post&id=1298

Invision Power Services Invision Board 1.1.2

• Invision Power Services search.zip
  http://forums.invisionpower.com/index.php?s=bc4e9438d266206887560633dc e21d30&act=Attach&type=post&id=1298

Invision Power Services Invision Board 1.2

• Invision Power Services search.zip
  http://forums.invisionpower.com/index.php?s=bc4e9438d266206887560633dc e21d30&act=Attach&type=post&id=1298

Invision Power Services Invision Board 1.3

• Invision Power Services search.zip
  http://forums.invisionpower.com/index.php?s=bc4e9438d266206887560633dc e21d30&act=Attach&type=post&id=1298

Invision Power Services Invision Board 2.0 PDR3

• Invision Power Services search.zip
  http://forums.invisionpower.com/index.php?s=bc4e9438d266206887560633dc e21d30&act=Attach&type=post&id=1298

Invision Power Services Invision Board 2.0 Alpha 3

• Invision Power Services search.zip
  http://forums.invisionpower.com/index.php?s=bc4e9438d266206887560633dc e21d30&act=Attach&type=post&id=1298