SQL Injection Vulnerability

[MasterVision]

Greetings to all!

I just want to put this comments for your customer's security and for your awareness of the SQL Injection Vulnerability of the IPB System because I was hacked and made my board inaccessible even I just recently updated to the most stable release 3.0.5 IP.Board.

Can you please check all the possible gateways for the attackers to get in IPB.Board? Because if someone successfully get in to my board that easy, all IPB customers will be in danger.

Thank you very much and hope you'll pay attention to it.

[Wolfie]

You should submit a ticket in the client area so that you can give them any and all details possible to help them determine how it happened.

Just simply saying that it happened won't do any good if they have no details, and I doubt IPS would like the details of how it happened explained here, for security purposes. (However, I could be wrong about that last part.)

[MasterVision]

Of course the security is our main concern here that's why I put it here as feedback not only for myself but for you as well if you are running IP System, especially the IP.Board.

In this way, they will be aware that they should do something for their customers' security. Dont get me wrong here.

[Wolfie]

IPS has demonstrated in the past that security is a top priority. :)

I was just saying to contact them in private to try to help them determine how it happened so that they can get it fixed. Wasn't fussing or anything, just that as a fellow customer, I would like a patch ASAP, and so I'm eager for them to become aware of it so they can start working on it.

[Jaggi]

There are no known vulnerabilities in IPB at this moment and if there were they are usually fixed very quickly. If you think you've found one then please submit a ticket in your client area. IPS will investigate you board to see if it was indeed ipb which was hacked or whether it was down to a vulnerability in your server setup.

[bfarber]

As Jaggi said, we're not aware of any SQL Injection vulnerabilities with the latest version of IPB. If you believe you were hacked through IP.Board it is imperative you submit a ticket so that we can investigate. If indeed you were attacked through IPB we'll make a security patch and release it. We have nothing to go on, however, at this point.