Jump to content
Molo.Interlopul

Invision Power Board 3.4.7 SQL Injection Vulnerability- IPB 3.4.7

Recommended Posts

Posted

What is IPB (Invision Power Board) ? :

Invision Power Board is a Software Forum Designed and Made by Invision Power Services. Invision Power Services (IPS) was created in 2002 by Charles Warner and Matt Mecham after they left Jarvis Entertainment Group. It is a forum which is on or made on MySQL Database, The Invision Power Board is written or developed on PHP Language. While Invision Power Board is a commercially Public sold product, there is a large modding community and there are many of these modifications which are free.

The IPB (Invision Power Board) releases a series of thier Product Versions. The First Version releases of Invision Power Board were available as a download free charge under a proprietary license. The version 1.3 is merely used on free of costs forum hosts such as Invision-Free. Since these were released many exploits had been found and they keep updating and patching them. The Second Version was exact like 1.3.1, the same liscence too it was also a free of cost forum host. But after there first update release the version 2.0.1 the download limit was replaced with 5000Posts, 1000 threads a free demo. Many users were got upset with that. The version 3.x was released in 2009. It was a great milestone for IPB Company because of the Forum Software. The version 3.x released in 2010 the modified version as we saw the Modification made by the IPB.

The Search Engine Optimization, its integration with Social Networking Websites like Facebook, Twitter etc.

The Version 3.x was really a great product by IPB unless an exploit has been found in it . And it was SQL – Injection exploit. The Vulnerable Paramter is in ‘/interface/ipsconnect/ipsconnect.php’

There is a $_POST Parameter Vulnerability there..

Post Parameter :

act=login&idType=id&id=’id here’ <-- Here is the Vulnerable Parameter. the $_POST['id'] parameter is vulnerable. It can easily be exploited with Error Based SQL Injection or Blind Based SQL Injection.

There's Many exploit have been made of this exploit. This is high-level vulnerability as many sites are on IPB Forum.

Exploit here: Private Paste - Pastie

Posted

Salut, nu am habar de chestii de astea de aceea intreb, vreau doar sa testez.

Am incercat script-ul pe koding si pe runnable si primesc urmatoarea eroare mereu

ex: python sql.py si imi returneaza eroarea " Error [1]" stie cineva de ce?

Un mention mi-ar fi de folos, multumesc.

Posted
Salut, nu am habar de chestii de astea de aceea intreb, vreau doar sa testez.

Am incercat script-ul pe koding si pe runnable si primesc urmatoarea eroare mereu

ex: python sql.py si imi returneaza eroarea " Error [1]" stie cineva de ce?

Un mention mi-ar fi de folos, multumesc.

(Inca) Nu stiu Python, dar intra din browser pe: "site . com /interface/ipsconnect/ipsconnect.php ?" si vezi ce raspuns primesti.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...