[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] FluxBB <= 1.5.6 SQL Injection

To: fulldisclosure@xxxxxxxxxxxx
Subject: Re: [FD] FluxBB <= 1.5.6 SQL Injection
From: secthrowaway@xxxxxxxxxxxxx
Date: Sat, 22 Nov 2014 00:12:25 -0500

Anti-spam is awesome, but not in attachments. Replace all occurrences of ' () ' 
with '@' for the exploit to work.

-------- Original Message --------
From: secthrowaway@xxxxxxxxxxxxx
To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] FluxBB <= 1.5.6 SQL Injection
Date: Fri, 21 Nov 2014 02:23:30 -0500

> FluxBB version 1.5.6 and below suffers from a SQL injection vulnerability.
> 
> Solution: update to FluxBB 1.5.7
> 
> Working, automated PoC is attached.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin
Next by Date: [FD] DataSoft Nova Anti-reconnaissance System 13.10.0 || Stored XSS
Previous by thread: [FD] FluxBB <= 1.5.6 SQL Injection
Next by thread: [FD] on Linux, 'less' can probably get you owned
Index(es):
- Date
- Thread