TUCoPS :: Web BBS :: Frequently Exploited :: hack2584.htm

Invision Power Board SQL Injection Vuln
Invision Power Board SQL Injection Vuln [ All Versions ] 



Vendor  : Invision Power Services

URL     : http://www.invisionpower.com 

Version : All Versions Up To v2.0 Alpha 3

Risk    : SQL Injection Vulnerability





Description:

Invision Power Board (IPB) is a professional forum system that has been 

built from the ground up with speed and security in mind, taking advantage 

of object oriented code, highly-optimized SQL queries, and the fast PHP 

engine. A comprehensive administration control panel is included to help 

you keep your board running smoothly. Moderators will also enjoy the full 

range of options available to them via built-in tools and moderators control

panel. Members will appreciate the ability to subscribe to topics, send 

private messages, and perform a host of other options through the user 

control panel. It is used by millions of people over the world.





Problem:

Invision Power Board is vulnerable to an SQL Injection Vulnerability. All

versions up to 2.0 Alpha 3 seem to be affected. Below is an example URL

to test if you are vulnerable.





/index.php?showforum=1&prune_day=100&sort_by=Z-A&sort_key=[Problem_is_here]



If you are vulnerable (you should be) you will see an error message similar

to the one posted below. The only requirement is to know a valid forum number

and to have read access to that forum (must be able to view it).





Begin Error Message

------------------------------

mySQL query error: SELECT * from ibf_topics WHERE forum_id=2 and approved=1 

and (last_post > 0 OR pinned=1) ORDER BY pinned DESC, [Problem_is_here] DESC 

LIMIT 0,15



mySQL error: You have an error in your SQL syntax near '[Problem_is_here] 

DESC LIMIT 0,15' at line 1



mySQL error code: 

Date: Saturday 13th of December 2003 01:25:30 AM

-------------------------------





Solution:

Invision Power Services have released a fix for this. You can view the forum post



http://forums.invisionpower.com/index.php?showtopic=106774&st=0&# entry762426



Or go straight to the download page.



http://www.invisionboard.com/download/index.php?act=dl&s=1&id=12 &p=1





Credits:

Credits go to JeiAr of the GulfTech Security Research Team. 

http://www.gulftech.org

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH