BugTraq
Back to list
|
Post reply
Invision Power Board v2.1 <= 2.1.6 sql injection exploit
Jul 18 2006 03:41AM
paul14075 gmail com
exploit: http://www.milw0rm.com/exploits/2010
bug report: http://forums.invisionpower.com/index.php?autocom=bugtracker&code=show_b
ug&bug_title_id=2043&bug_cat_id=3
exploit allows:
* Create new admin accounts
* Read existing account info, including session ID's.
* Read password hashes.
* Read just about any field in the database.
Allegedly patched in v2.1.7.
regards.
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
bug report: http://forums.invisionpower.com/index.php?autocom=bugtracker&code=show_b
ug&bug_title_id=2043&bug_cat_id=3
exploit allows:
* Create new admin accounts
* Read existing account info, including session ID's.
* Read password hashes.
* Read just about any field in the database.
Allegedly patched in v2.1.7.
regards.
[ reply ]