Jump to content

  •  

* * * * * 2 votes

[Security FIX] High Risk !


  • Please log in to reply
14 replies to this topic

#1 Guest_Dr.Core_*

Guest_Dr.Core_*
  • Guest

Posted 10 May 2015 - 10:43 PM

Today i wanna show you an small Fix for any version of IP Boards !

On many forums a blind SQLi is possible ... like this link -> domain.com/interface/ipsconnect/ipsconnect.php

The Infection is here : act=login&idType=id&id=’id here’ <-- Here is the Vulnerable Parameter. the $_POST['id']

You can remove it :) Who = ?

Replacing all in the file with this ->

<p>You can not defeat me...</p>


Thats all :)

Edited by Dr.Core, 10 May 2015 - 10:46 PM.


#2 kaljukass

kaljukass

    Invision-Virus Nerd

  • Member
  • PipPipPipPipPip
  • 356 posts

Posted 11 May 2015 - 08:25 PM

View PostDr.Core, on 10 May 2015 - 10:43 PM, said:

Today i wanna show you an small Fix for any version of IP Boards !

On many forums a blind SQLi is possible ... like this link -> domain.com/interface/ipsconnect/ipsconnect.php

The Infection is here : act=login&idType=id&id=’id here’ <-- Here is the Vulnerable Parameter. the $_POST['id']

You can remove it :) Who = ?

Replacing all in the file with this ->

<p>You can not defeat me...</p>


Thats all :)

The strange thing - or is it a modern joke?

#3 Guest_Dr.Core_*

Guest_Dr.Core_*
  • Guest

Posted 11 May 2015 - 10:22 PM

Thats not a joke, if you do not trust me, ask Illusion they have check it on my server it is a possible sqli

#4 _.:illus!on:._

_.:illus!on:._

    Community Manager

  • Community Manager
  • 2,718 posts

Donator

Posted 11 May 2015 - 10:27 PM

no it is not a joke you can use this file for an error based SQL injection

Posted Image


#5 tigeroo

tigeroo

    Advanced Member

  • Member
  • PipPipPip
  • 30 posts

Posted 13 May 2015 - 08:37 PM

What line do you find this on?

#6 Guest_Dr.Core_*

Guest_Dr.Core_*
  • Guest

Posted 20 May 2015 - 12:18 AM

I post an fixxed version in new version later if i have check all what is possible ...

#7 OsitoPunk

OsitoPunk

    Advanced Member

  • Member
  • PipPipPip
  • 72 posts

Posted 27 May 2015 - 09:20 AM

I'm afraid i am too stupid.

I do not understand how to fix it...

Can anyone post a screenshot or something? Please?? :(

#8 MestreTinho

MestreTinho

    Newbie

  • Member
  • Pip
  • 1 posts

Posted 03 June 2015 - 07:23 PM

how replace all files??

#9 ProHexOriginal

ProHexOriginal

    Newbie

  • Member
  • Pip
  • 3 posts

Posted 09 June 2015 - 03:43 AM

View Post_.:illus!on:._, on 11 May 2015 - 10:27 PM, said:

no it is not a joke you can use this file for an error based SQL injection
it is boolean based unless your error logs are accessible in the public folder.

#10 Guest_Onion_*

Guest_Onion_*
  • Guest

Posted 30 November 2015 - 08:04 AM

Today i found users from here with exactly this exploit. so please fix it guys...

#11 callvirt

callvirt

    Member

  • Member
  • PipPip
  • 10 posts

Posted 05 December 2015 - 03:11 AM

It's there since 2014 fyi.
Simply don't use it and if you do, 1 escape all input 2 invoke from a script u want to use 2 remove all permissions.
And don't forget to add a waf on top of all this complicated fora CMS. You never know, php n ipb are a high risk..

Edited by callvirt, 05 December 2015 - 03:12 AM.

Reality is no more. mf machines, with double controller boards, you replace one. But the firmware is still the same ;)
Corrupted *** criminals. Money games everywhere.

#12 kodiak

kodiak

    Newbie

  • Donator
  • Pip
  • 6 posts

Donator

Posted 23 February 2018 - 05:28 AM

is that for ipboard 4.2 too?

#13 zTuerie

zTuerie

    Newbie

  • Member
  • Pip
  • 5 posts

Posted 11 March 2018 - 08:03 AM

Thank's for the tutorial.

#14 quattro123

quattro123

    Newbie

  • Member
  • Pip
  • 6 posts

Posted 16 April 2018 - 10:32 PM

Wow, thank you very much for this tutorial!

#15 DJ Kondzio

DJ Kondzio

    Newbie

  • Member
  • Pip
  • 2 posts

Posted 17 May 2018 - 03:56 AM

Thank's for tutorial




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users