Jump to content

  •  

* * * * * 2 votes

[Security FIX] High Risk !


  • Please log in to reply
9 replies to this topic

#1 Guest_Dr.Core_*

Guest_Dr.Core_*
  • Guest

Posted 10 May 2015 - 10:43 PM

Today i wanna show you an small Fix for any version of IP Boards !

On many forums a blind SQLi is possible ... like this link -> domain.com/interface/ipsconnect/ipsconnect.php

The Infection is here : act=login&idType=id&id=’id here’ <-- Here is the Vulnerable Parameter. the $_POST['id']

You can remove it :) Who = ?

Replacing all in the file with this ->

<p>You can not defeat me...</p>


Thats all :)

Edited by Dr.Core, 10 May 2015 - 10:46 PM.


#2 kaljukass

kaljukass

    Invision-Virus Nerd

  • Member
  • PipPipPipPipPip
  • 401 posts

Posted 11 May 2015 - 08:25 PM

View PostDr.Core, on 10 May 2015 - 10:43 PM, said:

Today i wanna show you an small Fix for any version of IP Boards !

On many forums a blind SQLi is possible ... like this link -> domain.com/interface/ipsconnect/ipsconnect.php

The Infection is here : act=login&idType=id&id=’id here’ <-- Here is the Vulnerable Parameter. the $_POST['id']

You can remove it :) Who = ?

Replacing all in the file with this ->

<p>You can not defeat me...</p>


Thats all :)

The strange thing - or is it a modern joke?

#3 _.:illus!on:._

_.:illus!on:._

    Community Manager

  • Community Manager
  • 2,742 posts

Donator

Posted 11 May 2015 - 10:27 PM

no it is not a joke you can use this file for an error based SQL injection

Posted Image


#4 tigeroo

tigeroo

    Advanced Member

  • Member
  • PipPipPip
  • 30 posts

Posted 13 May 2015 - 08:37 PM

What line do you find this on?

#5 Guest_Dr.Core_*

Guest_Dr.Core_*
  • Guest

Posted 20 May 2015 - 12:18 AM

I post an fixxed version in new version later if i have check all what is possible ...

#6 OsitoPunk

OsitoPunk

    Advanced Member

  • Member
  • PipPipPip
  • 72 posts

Posted 27 May 2015 - 09:20 AM

I'm afraid i am too stupid.

I do not understand how to fix it...

Can anyone post a screenshot or something? Please?? :(

#7 MestreTinho

MestreTinho

    Newbie

  • Member
  • Pip
  • 1 posts

Posted 03 June 2015 - 07:23 PM

how replace all files??

#8 ProHexOriginal

ProHexOriginal

    Newbie

  • Member
  • Pip
  • 3 posts

Posted 09 June 2015 - 03:43 AM

View Post_.:illus!on:._, on 11 May 2015 - 10:27 PM, said:

no it is not a joke you can use this file for an error based SQL injection
it is boolean based unless your error logs are accessible in the public folder.

#9 Guest_Onion_*

Guest_Onion_*
  • Guest

Posted 30 November 2015 - 08:04 AM

Today i found users from here with exactly this exploit. so please fix it guys...

#10 callvirt

callvirt

    Member

  • Member
  • PipPip
  • 10 posts

Posted 05 December 2015 - 03:11 AM

It's there since 2014 fyi.
Simply don't use it and if you do, 1 escape all input 2 invoke from a script u want to use 2 remove all permissions.
And don't forget to add a waf on top of all this complicated fora CMS. You never know, php n ipb are a high risk..

Edited by callvirt, 05 December 2015 - 03:12 AM.

Reality is no more. mf machines, with double controller boards, you replace one. But the firmware is still the same ;)
Corrupted *** criminals. Money games everywhere.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users