[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SQL injection in Invision Power Board v2.1.5

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: SQL injection in Invision Power Board v2.1.5
From: mattmecham@xxxxxxxxx
Date: 7 Mar 2006 10:07:28 -0000

I've tested this and cannot get SQL to execute. The "s" parameter is run past 
PHP's intval() which knocks off anything that's not a number.

Can you explain how you got this to work?

Prev by Date: [SECURITY] [DSA 987-1] New tar packages fix arbitrary code execution
Next by Date: IM Lock 2006 - Insecure Registry Permission Vulnerability
Previous by thread: SQL injection in Invision Power Board v2.1.5
Next by thread: [USN-260-1] flex vulnerability
Index(es):
- Date
- Thread