Running IPB? Here's a quick tip

KwiceroLTD

New Member
Verified Provider
To everyone running IPB,

There's a full path disclosure which can lead to leakage of some other information including IP addresses (of admin or visitor), SQL query information, database name, etc. This was reported to IPB three weeks ago now, and all they did was patch their own website; they didn't even bother to respond to the email. It's patched on VPSBoard (informed MannDude a while back), and they (IPB/IPS) don't seem to be fixing it in their software, so details are as follows:

File: cache/sql_error_latest.cgi

It can leak information like IP addresses of users, page details, and paths. It has the potential to be more serious should anything sensitive be revealed in your request at the time of SQL failure (i.e. sess_hash={token}). A quick fix is to deny access to the file. It's not very important, and most sites I scanned don't have the file publicly visible, but it could potentially lead to some issues (its main function is for information gathering, if anything).

Examples:

1. Error: 1146 - Table 'ipsCommunity4.ibf_cache_store' doesn't exist (IPS official website).

2. And other things like:

Code:
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 Date: Sat, 27 Jun 2015 11:31:41 +0000
 Error: 2013 - Lost connection to MySQL server during query
 IP Address: 98.20.[redacted].[redacted] - /index.php?app=core&module=search&do=search&fromMainBar=1
 ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 mySQL query error: SELECT p.pid, p.queued,t.approved, t.forum_id FROM posts p  LEFT JOIN topics t ON ( p.topic_id=t.tid )   WHERE t.forum_id IN (19,53,5,4,10,14,26,35,30,31,32,33,34,36,37,38,12,13,27,39,8,47,29,24,25,45,49,18,16,17,54,23,146,50,9,46,104,107,93,102,94,95,97,96,98,99,100,73,106,74,75,85,77,103,92,66,86,72,68,71,67,70,69,55,111,109,113,58,60,61,76,62,78,63,65,64,80,101,89,90,81,82,83,84,91,112,126,129,130,131,132,133,134,144,141,142,143,145) AND  p.queued=0  AND  t.approved=1  AND  t.topic_archive_status IN (0,3)  AND MATCH( p.post ) AGAINST( 'bobo' IN BOOLEAN MODE ) AND t.state != 'link' ORDER BY post_date desc LIMIT 0,100
 .--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------.
 | File                                                                       | Function                                                                      | Line No.          |
 |----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------|
 | fAcontent_bFf/applications/forums/extensions/search/engines/sql.php        | [search_engine_forums]._buildWhereStatement                                   | 173               |
 '----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------'
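
A defender-side check for the file described in the post, as an added example (not part of the original post and not IPB's code): it parses a copy of your own cache/sql_error_latest.cgi in the layout quoted above and lists what each entry exposes. The sample log, its IP addresses, database name and token are constructed, and `audit`, `HEADER` and `SENSITIVE_PARAMS` are names chosen here.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the layout of the log excerpt quoted in the post
# (documentation-range IPs, made-up database name and token).
SAMPLE_LOG = """\
----------------------------------------
 Date: Sat, 27 Jun 2015 11:31:41 +0000
 Error: 2013 - Lost connection to MySQL server during query
 IP Address: 203.0.113.7 - /index.php?app=core&module=search&do=search&fromMainBar=1
----------------------------------------
 mySQL query error: SELECT p.pid FROM posts p LIMIT 0,100
----------------------------------------
 Date: Sat, 27 Jun 2015 11:40:02 +0000
 Error: 1146 - Table 'exampledb.ibf_cache_store' doesn't exist
 IP Address: 203.0.113.9 - /index.php?app=core&sess_hash=0123456789abcdef
----------------------------------------
 mySQL query error: SELECT * FROM ibf_cache_store
"""

# Parameter named in the post; extend with whatever your site treats as secret.
SENSITIVE_PARAMS = {"sess_hash"}

HEADER = re.compile(
    r"^\s*Date: (?P<date>.+?)\s*\n"
    r"\s*Error: (?P<errno>\d+) - (?P<message>.+?)\s*\n"
    r"\s*IP Address: (?P<ip>\S+) - (?P<url>\S+)",
    re.MULTILINE,
)

def audit(log_text):
    """Return one finding per logged error, listing what the entry exposes."""
    findings = []
    for m in HEADER.finditer(log_text):
        query = parse_qs(urlsplit(m["url"]).query)
        exposed = ["client_ip", "request_url"]
        # "Table 'db.table' doesn't exist" messages reveal the database name.
        db = re.search(r"Table '([^.']+)\.", m["message"])
        if db:
            exposed.append("database_name:" + db.group(1))
        exposed += sorted("param:" + p for p in SENSITIVE_PARAMS.intersection(query))
        findings.append({"date": m["date"], "errno": int(m["errno"]), "exposed": exposed})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f["date"], f["errno"], ", ".join(f["exposed"]))
```

Any entry that lists a `param:` item means a session token was written to a file that may have been web-readable, so those sessions are worth invalidating in addition to denying access to the file.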
 

MannDude

Just a dude
vpsBoard Founder
Moderator
Yeah, I have voiced concerns with them in the past. Was told they'd look into it. After no real response I posted something on their forum to warn other paying customers of an issue. The thread was removed within minutes. Later they released a patch and credited someone else for bringing it to their attention. Haha.

I have a real strong love/hate relationship with IPB. It swings severely both ways at times. I've been on the hate side of the fence lately though. 
 