Exploit Invision Power Board 1.3 - 'SSI.php' SQL Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
24186
Проверка EDB
  1. Пройдено
Автор
JVDR
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
null
Дата публикации
2004-06-11
Код:
source: https://www.securityfocus.com/bid/10511/info

Invision Power Board is reported prone to an SQL injection vulnerability in its 'ssi.php' script.

Due to improper filtering of user supplied data, 'ssi.php' is exploitable by attackers to pass SQL statements to the underlying database.

The impact of this vulnerability depends on the underlying database. It may be possible to corrupt/read sensitive data, execute commands/procedures on the database server or possibly exploit vulnerabilities in the database itself through this condition.

Version 1.3.1 Final of Invision Power Board is reported vulnerable. Other versions may also be affected as well.

*** There have been conflicting reports stating the the vulnerable variable only accepts integer values and not arbitrary strings. 

http://www.example.com/ssi.php?a=out&type=xml&f=0)[SQL-INJECTION]
 
Источник
www.exploit-db.com

Похожие темы