IT Security and Insecurity Portal

IPB <=2.3.5 sql injection widespread!

Posted: Wed Sep 17, 2008 11:46 am
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

I'm estimating that ~ one third of IPB-based forums on the Internet are right now (17 Sept. 2008) affected by the SQL injection found by darkfig.
This is the easiest test, usable even for megan00bs:
http://www.***.com/forums/index.php?act=xmlout&do=check-display-name&name=%2527
If you see the error message:
Code:
IPS Driver Error
There appears to be an error with the database.
You can try to refresh the page by clicking here

... then SQL injection is possible and you can have the admin's hash and salt within a few minutes.
This situation will not last very long and the patch will be spreading soon, so ...
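
A defender-side check for the probe in the post above, as an added example that is not part of the original thread: `%2527` is a URL-encoded `%27`, so the quote only appears after a second decode, and this script flags access-log requests to the check-display-name handler that carry one. The log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Sep/2008:11:50:01 +0000] "GET /forums/index.php?act=xmlout&do=check-display-name&name=%2527 HTTP/1.1" 200 312
203.0.113.9 - - [17/Sep/2008:11:51:40 +0000] "GET /forums/index.php?act=xmlout&do=check-display-name&name=alice HTTP/1.1" 200 20
198.51.100.7 - - [17/Sep/2008:11:52:13 +0000] "GET /forums/index.php?act=xmlout&do=check-display-name&name=O%27Brien HTTP/1.1" 200 20
198.51.100.7 - - [17/Sep/2008:11:53:02 +0000] "GET /forums/index.php?showtopic=12&name=%2527 HTTP/1.1" 200 5120
"""

# Client address and request target from a common/combined log format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def extra_decodes_to_quote(value, max_rounds=3):
    """Return how many decodes beyond the server's own expose a quote (0 = none)."""
    for rounds in range(1, max_rounds + 1):
        decoded = unquote(value)
        if decoded == value:
            return 0  # fully decoded already: a plain O'Brien is ordinary input
        if "'" in decoded or '"' in decoded:
            return rounds  # quote was hidden by nested encoding
        value = decoded
    return 0


def find_probes(log_text):
    """Return (client, request target) pairs matching the check-display-name probe."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        # parse_qs performs the first decode, as the web server would.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if params.get("act") != ["xmlout"] or params.get("do") != ["check-display-name"]:
            continue
        if any(extra_decodes_to_quote(name) for name in params.get("name", [])):
            hits.append((client, target))
    return hits


if __name__ == "__main__":
    for client, target in find_probes(SAMPLE_LOG):
        print(f"double-encoded quote from {client}: {target}")
```

Only query strings are inspected, so parameters sent in a POST body need the same check applied wherever request bodies are logged.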

Posted: Wed Sep 17, 2008 12:59 pm
pexli
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

Time to pick a harvest. )))

Posted: Sat Sep 20, 2008 8:59 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Posted: Wed Oct 15, 2008 11:50 am
anthonis
Regular user
Joined: Oct 15, 2008
Posts: 5

If I get a "not found" reply from the link, what do I have to do ???

Posted: Wed Oct 15, 2008 11:58 am
pexli
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

Posted: Wed Oct 15, 2008 12:08 pm
anthonis
Regular user
Joined: Oct 15, 2008
Posts: 5

Posted: Wed Oct 15, 2008 3:34 pm
Cablekid
Advanced user
Joined: Jul 14, 2007
Posts: 85

Posted: Thu Oct 16, 2008 2:58 am
devildavid
Regular user
Joined: Oct 16, 2008
Posts: 6

It means it's patched already

Posted: Thu Oct 16, 2008 3:00 am
devildavid
Regular user
Joined: Oct 16, 2008
Posts: 6

pexli wrote:
http://www.waraxe.us/forum-52.html
Thread name
IPB <= 2.3.5 sql injection exploit (new version 1.2)
..on top of the page.

If it's not patched, how can I use the exploit?

Posted: Thu Oct 16, 2008 4:17 am
anthonis
Regular user
Joined: Oct 15, 2008
Posts: 5

Is there any exploit if this one is patched ???

Posted: Sun Oct 26, 2008 2:45 pm
erratico
Regular user
Joined: Oct 25, 2008
Posts: 11

Thanks
works excellent

Posted: Sun Oct 26, 2008 6:33 pm
mattoni
Active user
Joined: Oct 26, 2008
Posts: 34
Location: United Kingdom

How can I use this? Do I need software?
Could you explain please?
All times are GMT