Bugtraq mailing list archives
Invision Power Board v2.1 <= 2.1.6 sql injection exploit
From: paul14075 () gmail com
Date: 18 Jul 2006 03:41:40 -0000
exploit: http://www.milw0rm.com/exploits/2010 bug report: http://forums.invisionpower.com/index.php?autocom=bugtracker&code=show_bug&bug_title_id=2043&bug_cat_id=3 exploit allows: * Create new admin accounts * Read existing account info, including session ID's. * Read password hashes. * Read just about any field in the database. Allegedly patched in v2.1.7. regards.
Current thread:
- Invision Power Board v2.1 <= 2.1.6 sql injection exploit paul14075 (Jul 18)