JeiAr
http://www.gulftech.org/03222004.php


Invision Gallery is integrated into IPB, so these vulns can be used in some cases to completely take over an Invision Power Board installation.
ni3_b0om
hey thx man I'm very happy cause you are always publishing a new vuln

love you man
aapje
and another nice one! thanks
wizy
Anyone actually get any working examples for this yet?
JeiAr
Well, I got queries to execute successfully, but between not having source code and not having much free time I gave up after about five minutes heheheh

index.php?act=module&module=gallery&cmd=postcomment&img=99 UNION SELECT m.id,0,0,0,0,0,0,0,0,m.password,0,0,0,0,0,0,0,0 FROM ibf_members m WHERE 1 /*

Notice that where m.id and m.password are will probably need to be changed depending on the type (int, char, etc.). These are just raw examples in order to help you, not do it for you.
JeiAr
Oh, and the above example I gave DOES execute successfully, just hasn't been made exploitable
ilnctm
thanx dude that was a nice find cheerz
wizy
I'm very new to the whole SQL Injection idea. I've just never tried it. So I will ask a dumb question now...

I put that all in on a board, and it just showed me the index? What exactly should I see if it worked?
And do I just put that exactly as it is in the address box? Or do I need to modify it? Seems it would need some quotes somewhere.
JeiAr
If you are new to SQL you need to learn how to do some SQL programming, not how to exploit an SQL hole.
Niekos
thx jeiAr for again a new sql hole !!
wizy
I'm not new to SQL, I've used SQL for about 8 years now. I am new to using it in this way. And crafting it properly for injection.

I know SQL very well
JeiAr
If you are that familiar with SQL then you are good to go.
ni3_b0om
thx mr james for the comment
by the way
would you add me on yahoo or msn messenger to have some private messages ?!

i will be very glad to chat with you

yahoo handle : ni3_b0om@yahoo.com
msn messenger handle : ni3_b0om@yahoo.com

thx

have a nice time