IPBProArcade High Score Listing Remote SQL Injection Vulnerability
BID:12138
Info
IPBProArcade High Score Listing Remote SQL Injection Vulnerability
| Bugtraq ID: | 12138 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 31 2004 12:00AM |
| Updated: | Dec 31 2004 12:00AM |
| Credit: | mike bailey <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
ipbProArcade ipbProArcade 2.5 |
| Not Vulnerable: | |
Discussion
IPBProArcade High Score Listing Remote SQL Injection Vulnerability
A remote SQL injection vulnerability reportedly affects the high-score listing functionality in ipbProArcade. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query.
An attacker may leverage this issue to manipulate SQL query strings and influence database queries. This may facilitate the disclosure or corruption of sensitive database information. It is possible that this could compromise the software or database security properties.
A remote SQL injection vulnerability reportedly affects the high-score listing functionality in ipbProArcade. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query.
An attacker may leverage this issue to manipulate SQL query strings and influence database queries. This may facilitate the disclosure or corruption of sensitive database information. It is possible that this could compromise the software or database security properties.
Exploit / POC
IPBProArcade High Score Listing Remote SQL Injection Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been made available:
http://www.example.com/index.php?act=Arcade&do=stats&gameid=[SQL]
No exploit is required to leverage this issue. The following proof of concept has been made available:
http://www.example.com/index.php?act=Arcade&do=stats&gameid=[SQL]
Solution / Fix
IPBProArcade High Score Listing Remote SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
IPBProArcade High Score Listing Remote SQL Injection Vulnerability
References:
References:
- ProArcade Home Page (ProArcade)
- SQL Injection Vulnerability In IBProArcade (mike bailey
)