Full Disclosure mailing list archives

FluxBB <= 1.5.6 SQL Injection

From: secthrowaway () Safe-mail net
Date: Fri, 21 Nov 2014 02:23:30 -0500

FluxBB version 1.5.6 and below suffers from a SQL injection vulnerability.

Solution: update to FluxBB 1.5.7

Working, automated PoC is attached.

Attachment: fluxbb.py
Description:


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

FluxBB <= 1.5.6 SQL Injection secthrowaway (Nov 21)
- <Possible follow-ups>
- Re: FluxBB <= 1.5.6 SQL Injection secthrowaway (Nov 25)