邪恶八进制信息安全团队技术讨论组 » 重要安全公告{ Security Advisory Bulletin } » 漏洞分析[ Vulnerability Analyse ] » [转载]SQL Injection Vulnerability in Invision Community Blog [查看完整版本]

EvilOctal 2005-1-12 02:02

[转载]SQL Injection Vulnerability in Invision Community Blog

信息来源：[url]www.securityfocus.com[/url]

Invision Community Blog <[url]http://www.invisionblog.com/>[/url], is a powerful blogging system
that will plug straight into your Invision Power Board. Allow your members to
create their own individual blogs.
Invision Community Blog is a comprehensive system with a very easy to use interface.

Due to improper validation checks in the variable eid , it is possible for an attacker
to manipulate an SQL query.

Example:

[url]http://website/forum/index.php?automodule=blog&blogid=14&cmd=showentry&eid=4%20injectionhere[/url]


Website MATRIX 2K WebMasters & Hackers Association
[url]http://www.matrix2k.org[/url]

查看完整版本: [转载]SQL Injection Vulnerability in Invision Community Blog

© 1999-2008 EvilOctal Security Team