Invision Power Board is vulnerable to SQL injection. All versions up to
2.0 Alpha 3 seem to be affected. Below is an example URL to test if you
are vulnerable.

If you are vulnerable (you should be), you will see an error message similar
to the one posted below. The only requirements are to know a valid forum
number and to have read access to that forum (you must be able to view it).
    mySQL query error: SELECT * from ibf_topics WHERE forum_id=2 and approved=1
    and (last_post > 0 OR pinned=1) ORDER BY pinned DESC, [Problem_Is_Here] DESC
    mySQL error: You have an error in your SQL syntax near '[Problem_Is_Here]
    DESC LIMIT 0,15' at line 1
    mySQL error code:
    Date: Saturday 13th of December 2003 01:25:30 AM
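
The error above shows a request value landing in the ORDER BY clause as raw SQL. As an added example (not Invision Power Board's code), the Python sketch below contrasts that pattern with an allow-list for the sort column. SQLite stands in for MySQL, and the table contents, function names and SORT_COLUMNS map are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the ibf_topics table named in the error
    # message; SQLite replaces MySQL so the example runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ibf_topics (tid INTEGER PRIMARY KEY, title TEXT,"
               " forum_id INTEGER, approved INTEGER, last_post INTEGER,"
               " pinned INTEGER)")
    db.executemany("INSERT INTO ibf_topics VALUES (?,?,?,?,?,?)", [
        (1, "welcome", 2, 1, 100, 1),
        (2, "older", 2, 1, 50, 0),
        (3, "newer", 2, 1, 200, 0),
        (4, "other forum", 3, 1, 300, 0),
    ])
    return db

# Same shape as the query in the error message; forum_id is a bound parameter.
BASE = ("SELECT title FROM ibf_topics WHERE forum_id=? AND approved=1 "
        "AND (last_post > 0 OR pinned=1) ORDER BY pinned DESC, ")

def topics_unsafe(db, forum_id, sort_key):
    # Vulnerable pattern: the request value is pasted into the SQL text.
    sql = BASE + sort_key + " DESC LIMIT 0,15"
    return [row[0] for row in db.execute(sql, (forum_id,))]

# Hypothetical allow-list: request token -> fixed column name. Identifiers
# cannot be bound as parameters, so only these literals reach the query.
SORT_COLUMNS = {"last_post": "last_post", "title": "title", "id": "tid"}

def topics_safe(db, forum_id, sort_key):
    column = SORT_COLUMNS.get(sort_key, "last_post")  # unknown -> default
    sql = BASE + column + " DESC LIMIT 0,15"
    return [row[0] for row in db.execute(sql, (forum_id,))]

def unsafe_error(db, forum_id, sort_key):
    # Returns the database error text if the value broke the query, else None.
    try:
        topics_unsafe(db, forum_id, sort_key)
        return None
    except sqlite3.Error as exc:
        return str(exc)

if __name__ == "__main__":
    db = make_db()
    print(unsafe_error(db, 2, "[Problem_Is_Here]"))
    print(topics_safe(db, 2, "[Problem_Is_Here]"))
```

With the allow-list in place, the placeholder value from the error message never reaches the database and the listing falls back to the default sort order.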