SQL injection in Invision Power Board v2.1.5

2006.03.07

Credit: ???? ???? (mr_snake_my hotmail com)

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-2204

CWE: CWE-89

CVSS Base Score: 5.5/10

Impact Subscore: 4.9/10

Exploitability Subscore: 8/10

Exploit range: Remote

Attack complexity: Low

Authentication: Single time

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: None

SQL injection in Invision Power Board v2.1.5
Software: Invision Power Board
Web Site : http://forums.invisionpower.com
Versions: v2.1.5
Type: SQL Injection
Class: Remote
example :
http://www.victem.com/forum/index.php?showtopic=[anytopic]&pid=1&st=-1[s
ql]
Discovered by : Mr.SNAKE
GreeTz : greetz to all my freind in www.lezr.com
_________________________________________________________________
Don't just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SQL injection in Invision Power Board v2.1.5

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.