Invision Power Board SQL PHP File Inclusion and SQL Injection

[newsbot]

Invision Power Board has a PHP file inclusion vulnerability that is trivial to exploit with a web browser and a known location of a php file residing on the target system. Authorisation is not required. The SQL injection vulnerability is somewhat tricky to exploit as there are quite a few restrictions that make creating a successful sql attack vector difficult. Nevertheless a crafty attacker might issue a series of requests that might allow him to gain some information about the target system or even read files from the disk depending on permissions granted to the db account that is used by the forum.

-</p>

Make your website safer. Use external penetration testing service. First report ready in one hour!</p>

**Hidden Content: To see this hidden content your post count must be 1 or greater.**

[newsbot]

Invision Power Board has a PHP file inclusion vulnerability that is trivial to exploit with a web browser and a known location of a php file residing on the target system. Authorisation is not required. The SQL injection vulnerability is somewhat tricky to exploit as there are quite a few restrictions that make creating a successful sql attack vector difficult. Nevertheless a crafty attacker might issue a series of requests that might allow him to gain some information about the target system or even read files from the disk depending on permissions granted to the db account that is used by the forum.

-</p>

Make your website safer. Use external penetration testing service. First report ready in one hour!</p>

**Hidden Content: To see this hidden content your post count must be 1 or greater.**