Molo.Interlopul Posted February 21, 2015

What is IPB (Invision Power Board)?

Invision Power Board is forum software designed and made by Invision Power Services. Invision Power Services (IPS) was created in 2002 by Charles Warner and Matt Mecham after they left Jarvis Entertainment Group. It is a forum built on a MySQL database, and Invision Power Board is written in PHP. While Invision Power Board is a commercially sold product, there is a large modding community, and many of these modifications are free.

IPB (Invision Power Board) has released a series of product versions. The first version releases of Invision Power Board were available as a free download under a proprietary license. Version 1.3 is merely used on free forum hosts such as Invision-Free. Since these were released, many exploits have been found, and they keep updating and patching them. The second version was exactly like 1.3.1, with the same licence; it was also a free forum host. But after their first update release, version 2.0.1, the download limit was replaced with 5000 posts, 1000 threads, a free demo. Many users were upset with that.

Version 3.x was released in 2009. It was a great milestone for the IPB company because of the forum software. Version 3.x released in 2010 was the modified version, as we saw from the modifications made by IPB: search engine optimization and integration with social networking websites like Facebook, Twitter, etc. Version 3.x was really a great product by IPB until an exploit was found in it, and it was an SQL injection exploit.

The vulnerable parameter is in '/interface/ipsconnect/ipsconnect.php'. There is a $_POST parameter vulnerability there.

POST parameter: act=login&idType=id&id='id here' <-- here is the vulnerable parameter. The $_POST['id'] parameter is vulnerable.

It can easily be exploited with error-based SQL injection or blind SQL injection. Many exploits have been made for it. This is a high-level vulnerability, as many sites run on the IPB forum.

Exploit here: Private Paste - Pastie
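As an added example (not part of the original post and not IPS code), here is a log check for the request shape named above. It assumes request records that include the POST body are available, and that with idType=id a legitimate id is a single plain decimal member ID; the sample records are constructed.

```python
import re
from urllib.parse import parse_qsl

# Path and parameter names come from the post; the rest is assumed.
ENDPOINT = "/interface/ipsconnect/ipsconnect.php"
PLAIN_ID = re.compile(r"[0-9]{1,10}")  # assumed shape of a legitimate member ID

# Constructed sample records (method, path, raw POST body), in the form a
# WAF or reverse proxy with body logging might provide. Not real traffic.
SAMPLE_REQUESTS = [
    ("POST", ENDPOINT, "act=login&idType=id&id=1337&password=x"),
    ("POST", ENDPOINT, "act=login&idType=id&id=1%27"),
    ("POST", ENDPOINT, "act=login&idType=id&id[]=1&id[]=2"),
    ("GET", "/index.php", ""),
]

def check_request(method, path, body):
    """Return a reason string if the request looks suspicious, else None."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return None
    pairs = parse_qsl(body, keep_blank_values=True)  # also URL-decodes names
    params = dict(pairs)
    if params.get("act") != "login" or params.get("idType") != "id":
        return None
    # PHP turns id[]=... or id[key]=... into an array; a login ID is a scalar.
    if any(name.startswith("id[") for name, _ in pairs):
        return "id sent as array"
    ids = [value for name, value in pairs if name == "id"]
    if len(ids) != 1:
        return "id missing or repeated"
    if not PLAIN_ID.fullmatch(ids[0]):
        return "id is not a plain integer"
    return None

def scan(requests):
    """Return (index, reason) for every flagged request record."""
    findings = []
    for index, (method, path, body) in enumerate(requests):
        reason = check_request(method, path, body)
        if reason:
            findings.append((index, reason))
    return findings

if __name__ == "__main__":
    for index, reason in scan(SAMPLE_REQUESTS):
        print(index, reason)
```
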
Nytro Posted February 21, 2015

Yes, it seems vBulletin is not the only script with problems like this. Has anyone tested it?
Scripter Posted February 22, 2015

It works! EDIT: It works, but the emails do not match the users.

Edited February 22, 2015 by Scripter
Coco Posted February 23, 2015

Hi, I have no idea about this kind of thing, which is why I'm asking; I just want to test. I tried the script on koding and on runnable and I always get the following error, e.g. python sql.py, and it returns the error " Error [1]". Does anyone know why? A mention would help me, thanks.
Nytro Posted February 23, 2015

> Hi, I have no idea about this kind of thing, which is why I'm asking; I just want to test. I tried the script on koding and on runnable and I always get the following error, e.g. python sql.py, and it returns the error " Error [1]". Does anyone know why? A mention would help me, thanks.

I don't know Python (yet), but go in your browser to "site . com /interface/ipsconnect/ipsconnect.php ?" and see what response you get.
mundy. Posted February 27, 2015

@Nytro, I tried that link you posted above on my own forum, and I get a blank page.