[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Invision Power Board "v1.X & 2.X" SQL Injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Invision Power Board "v1.X & 2.X" SQL Injection
From: mattmecham@xxxxxxxxx
Date: 10 Jul 2006 09:55:27 -0000

Note, none of these 'exploits' have any chance of working.

The CODE attribute is never present in an SQL query - it's only used in a 
switch statement to direct incoming 'traffic' to the correct function within a 
class.

Further more 'act' parameters: 'ketqua' and file 'coin_list.php' are not 
standard IPB 2.x features and must be third party modifications that IPS does 
not distrubute, endorse or support.

Prev by Date: Securing PHP or finding PHP alternatives (was: PHP security (or the lack thereof))
Next by Date: Graffiti Forums v1.0 SQL Injection Vulnerabilities
Previous by thread: Invision Power Board "v1.X & 2.X" SQL Injection
Next by thread: Shopping Cart V0.9
Index(es):
- Date
- Thread