Invision Power Board ST Parameter SQL Injection Vulnerability

Bugtraq ID:	13097
Class:	Input Validation Error
CVE:	CVE-2005-1070
Remote:	Yes
Local:	No
Published:	Apr 11 2005 12:00AM
Updated:	Jul 12 2009 12:56PM
Credit:	Discovery is credited to dcrab <[email protected]>.
Vulnerable:	Invision Power Services Invision Board 1.3.1 Final Invision Power Services Invision Board 1.3 Final Invision Power Services Invision Board 1.3 Invision Power Services Invision Board 1.3 Invision Power Services Invision Board 1.2 Invision Power Services Invision Board 1.1.2 Invision Power Services Invision Board 1.1.1 Invision Power Services Invision Board 1.0.1 Invision Power Services Invision Board 1.0
Not Vulnerable:

Invision Power Board ST Parameter SQL Injection Vulnerability

Invision Power Board is reported prone to an SQL injection vulnerability. Due to improper filtering of user-supplied data, attackers may pass SQL statements to the underlying database through the 'st' parameter.

Invision Power Board 1.3.1 and prior versions are affected by this issue.

Invision Power Board ST Parameter SQL Injection Vulnerability

No exploit is required.

The following proof of concept is available:
http://www.example.com/forums/index.php?act=Members&max_results=30&filter=1&sort_order=asc&sort_key=name&st=SQL_INJECTION

Invision Power Board ST Parameter SQL Injection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Invision Power Board ST Parameter SQL Injection Vulnerability

References:

• Invision Board Homepage (Invision Power Services)
  
• Invision board 1.3.1 and below are vulnerable to a sql injection (dcrab )