TUCoPS :: Web BBS :: Frequently Exploited :: b06-3706.htm

Invision Power Board v2.1 <= 2.1.6 sql injection exploit
Invision Power Board v2.1 <= 2.1.6 sql injection exploit
Invision Power Board v2.1 <= 2.1.6 sql injection exploit



exploit: http://www.milw0rm.com/exploits/2010=0D 
=0D
bug report: http://forums.invisionpower.com/index.php?autocom=bugtracker&code=show_bug&bug_title_id=2043&bug_cat_id=3=0D 
=0D
exploit allows:=0D
=0D
* Create new admin accounts=0D
* Read existing account info, including session ID's.=0D
* Read password hashes.=0D
* Read just about any field in the database.=0D
=0D
Allegedly patched in v2.1.7.=0D
=0D
=0D
regards.=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH