GulfTech Computers - Professional Computer Services  
Invision Power Board "Vulnerabilities"
March 02, 2022


Vendor : Invision Power Services
URL : http://www.invisionboard.com
Version : 1.3 && others ??
Risk : Path Disclosure && Query Tampering
BID : http://www.securityfocus.com/bid/9810


Description:
Invision Power Board (IPB) is a professional forum system that has been built from the ground up with speed and security in mind, taking advantage of object oriented code, highly-optimized SQL queries, and the fast PHP engine. A comprehensive administration control panel is included to help you keep your board running smoothly. Moderators will also enjoy the full range of options available to them via built-in tools and moderators control panel. Members will appreciate the ability to subscribe to topics, send private messages, and perform a host of other options through the user control panel. It is used by millions of people over the world.


Problem:
There are three problems I am going to talk about here, none of which I believe to be critical. The first is an SQL error caused by tampering with the offset in the "sources/Memberlist.php" feature. Below is an example of a "vulnerable" query.

index.php?&act=Members&max_results=10&filter=ALL&sort_order=asc&sort_key=name&st=[ Junk ]

The same issue is also present in the "sources/Online.php" file

index.php?&act=Online&CODE=listall&sort_key=click&sort_order=desc&show_mem=all&st=[ Junk ]
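
For administrators who want to see whether the "st" offset is being tampered with on their own board, the following is an added example (not part of the original advisory and not Invision code) that scans web server access logs for requests to the two affected features where "st" is not a plain number. It assumes common-log-format lines; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Features named in the advisory that take the "st" paging offset.
PAGED_ACTS = {"members", "online"}

# Minimal common-log-format matcher: client, method, URL, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def st_is_tampered(url):
    """True if the URL targets a paged feature with a non-numeric st value."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    acts = {a.lower() for a in query.get("act", [])}
    if not acts & PAGED_ACTS:
        return False
    # A legitimate offset is a short run of ASCII digits; empty means first page.
    return any(v != "" and not re.fullmatch(r"[0-9]{1,9}", v)
               for v in query.get("st", []))

def scan(lines):
    """Return (client, url) pairs for requests with a tampered st offset."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and st_is_tampered(m.group(3)):
            hits.append((m.group(1), m.group(3)))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Mar/2004:10:00:01 +0000] "GET /index.php?&act=Members'
    '&max_results=10&filter=ALL&sort_order=asc&sort_key=name&st=20 HTTP/1.1" 200',
    '192.0.2.44 - - [02/Mar/2004:10:00:05 +0000] "GET /index.php?&act=Members'
    '&max_results=10&filter=ALL&sort_order=asc&sort_key=name&st=abc HTTP/1.1" 200',
    '192.0.2.44 - - [02/Mar/2004:10:00:09 +0000] "GET /index.php?&act=Online'
    '&CODE=listall&sort_key=click&sort_order=desc&show_mem=all&st=-1%27 HTTP/1.1" 200',
    '192.0.2.10 - - [02/Mar/2004:10:00:12 +0000] "GET /index.php?act=ST&st=xyz HTTP/1.1" 200',
]

if __name__ == "__main__":
    for client, url in scan(SAMPLE_LOG):
        print(client, url)
```
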

The other problem is that it is easy for an attacker to learn the full physical path of the webserver. This can be accomplished via the "Change Personal Photo" option in the user control panel. By entering an invalid character such as a null character "%20" in the upload box and submitting the form you will be greeted by the following error message:

Warning: getimagesize() [function.getimagesize]: 
Read error! in /full/path/sources/lib/usercp_functions.php on line 192


Solution:
These are not critical issues, so they will probably not be addressed until the next public release of Invision Power Board.
----------------------------------------
Hello,
Thanks for the email.
All outstanding non-critical reports will be dealt with in the next 
release. The discussion on the forum password plaintext vulnerability 
is a little moot as it's documented as a 'quick fix' forum permission 
and shouldn't be used in place of forum permissions. In any case, this 
may well be resolved by using an MD5 hash in the cookie.
Regards
Matthew Mecham
Invision Power Board Lead Developer
Invision Power Services, Inc. CEO
----------------------------------------
This is not what I expected out of Invision Power Board at all. I agree that the issues are not highly critical, but they SHOULD be addressed. Any other popular forum system I can think of would have had these issues fixed within a week. I hope that Invision are not getting lazy and thinking only the biggest holes need fixing.


Credits:
Credits go to JeiAr of the GulfTech Security Research Team.





