Full Disclosure mailing list archives
Re: FluxBB <= 1.5.6 SQL Injection
From: secthrowaway () Safe-mail net
Date: Sat, 22 Nov 2014 00:12:25 -0500
Anti-spam is awesome, but not in attachments. Replace all occurrences of ' () ' with '@' for the exploit to work. -------- Original Message -------- From: secthrowaway () Safe-mail net To: fulldisclosure () seclists org Subject: [FD] FluxBB <= 1.5.6 SQL Injection Date: Fri, 21 Nov 2014 02:23:30 -0500
FluxBB version 1.5.6 and below suffers from a SQL injection vulnerability. Solution: update to FluxBB 1.5.7 Working, automated PoC is attached.
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- FluxBB <= 1.5.6 SQL Injection secthrowaway (Nov 21)
- <Possible follow-ups>
- Re: FluxBB <= 1.5.6 SQL Injection secthrowaway (Nov 25)