IPB <= 2.1.5 SQL inj. vuln.
###############################################
Vuln. discovered by : r0t
Date: 19 april 2006
vendorlink:http://www.invisionboard.com/
affected versions:2.1.5 and previous
orginal advisory:
http://pridels.blogspot.com/2006/04/ipb-215-sql-inj-vuln.html
###############################################
Vuln. Description:
IPB contains a flaw that allows a remote sql injection attacks.Input passed
to the "st" parameter in "index.php" isn't properly sanitised before being
used in a SQL query. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.
example:
/index.php?act=Online&st=-1[SQL]
###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/