BugTraq
Back to list
|
Post reply
Re: SQL-injections in Invision Power Board v2.0.1
Apr 27 2005 05:43AM
Steven M. Christey (coley mitre org)
This issue appears to be a rediscovery of a Bugtraq post by Alexander
Anisimov on November 18, 2004:
[MaxPatrol] SQL-injection in Invision Power Board 2.x
http://www.securityfocus.com/archive/1/381503
1) Both inject the SQL into the "qpid" parameter
2) Both deal with the "post" action ("act=Post") in index.php
3) The vendor fixed the issue as identified in the following forum
post:
http://forums.invisionpower.com/index.php?showtopic=154916
- Steve
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
This issue appears to be a rediscovery of a Bugtraq post by Alexander
Anisimov on November 18, 2004:
[MaxPatrol] SQL-injection in Invision Power Board 2.x
http://www.securityfocus.com/archive/1/381503
1) Both inject the SQL into the "qpid" parameter
2) Both deal with the "post" action ("act=Post") in index.php
3) The vendor fixed the issue as identified in the following forum
post:
http://forums.invisionpower.com/index.php?showtopic=154916
- Steve
[ reply ]