Lucene search
+L

44 matches found

exploitpack
exploitpack
added 2010/03/04 12:0 a.m.22 views

BBSXP 2008 - ShowPost.asp Cross-Site Scripting

BBSXP 2008 - ShowPost.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/38542/info BBSXP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2010/03/04 12:0 a.m.23 views

BBSXP 2008 - 'ShowPost.asp' Cross-Site Scripting

source: https://www.securityfocus.com/bid/38542/info BBSXP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

7.4AI score
Exploits0
myhack58
myhack58
added 2010/03/04 12:0 a.m.30 views

BBSxp 2 0 0 8 (Build: 8.0.4) Sql injection vulnerability-vulnerability warning-the black bar safety net

Affected versions: BBSxp 2 0 0 8 Build: 8.0.4 Vulnerability description: File:MoveThread. asp MoveThread. asp line 2-2 of 4 if CookieUserName =empty then error"you have nota href=""javascript:BBSXPModal. Open 'Login. asp',3 8 0,1 7 0;""login/a" 'save the cookie log can be ThreadID=R...

1.2AI score
Exploits0
myhack58
myhack58
added 2010/02/28 12:0 a.m.17 views

BBSxp 2 0 0 8 (Build: 8.0.4) Sql injection vulnerability-vulnerability warning-the black bar safety net

File:MoveThread. asp MoveThread. asp line 2-2 of 4 % if CookieUserName =empty then error"you have nota href=""javascript:BBSXPModal. Open 'Login. asp',3 8 0,1 7 0;""login/a" 'save the cookie log can be ThreadID=Request"ThreadID" ' Sql Injection Vulnerability If Not IsNumericThreadID then...

1AI score
Exploits0
Prion
Prion
added 2009/01/27 6:30 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter...

4.3CVSS6.2AI score0.01449EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2009/01/27 6:30 p.m.19 views

CVE-2009-0285

Cross-site scripting XSS vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter...

4.3CVSS5.7AI score0.01449EPSS
Exploits1References3
Cvelist
Cvelist
added 2009/01/27 6:0 p.m.24 views

CVE-2009-0285

Cross-site scripting XSS vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter...

5.7AI score0.01449EPSS
Exploits1References3
CVE
CVE
added 2009/01/27 6:0 p.m.41 views

CVE-2009-0285

CVE-2009-0285 describes a cross-site scripting (XSS) vulnerability in the error.asp page of BBSXP 5.13 and earlier . The weakness is exploitable via the message parameter , enabling remote attackers to inject arbitrary web script or HTML. The provided documents confirm the vulnerability and affec...

4.3CVSS5.9AI score0.01449EPSS
Exploits1References3Affected Software1
securityvulns
securityvulns
added 2009/01/25 12:0 a.m.38 views

BBSxp Xss vulnerability

Product name: BBSxp System Vendor: www.bbsxp.com BBSxp 5.13 & prior versions XSS bug in error.asp page Example: http://example/bbs/error.asp?message=xss...

1.3AI score
Exploits0
Packet Storm
Packet Storm
added 2009/01/23 12:0 a.m.17 views

BBSxp 5.13 Cross Site Scripting

Product name: BBSxp System Vendor: www.bbsxp.com BBSxp 5.13 & prior versions XSS bug in error.asp page Example: http://example/bbs/error.asp?message=xss...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2009/01/23 12:0 a.m.15 views

BBSXP 5.13 - error.asp Cross-Site Scripting

BBSXP 5.13 - error.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/33411/info BBSXP is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2009/01/23 12:0 a.m.23 views

BBSXP 5.13 - 'error.asp' Cross-Site Scripting

source: https://www.securityfocus.com/bid/33411/info BBSXP is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2008/10/25 12:0 a.m.33 views

BBSxp 2008 MoveThread.asp页面存在SQL注入漏洞

BBSXP为一款简单的ASP+SQL与ACCESS开发的多风格论坛 目前最新版本为BBSXP2008。漏洞文件:MoveThread.asp MoveThread.asp行2-24% if CookieUserName =empty then error"您还未a href=""javascript:BBSXPModal.Open 'Login.asp',380,170;""登录/a论坛" '保存cookie登陆即可 ThreadID=Request"ThreadID" ' Sql Injection Vulnerability If Not IsNumericThreadID then...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2008/10/25 12:0 a.m.22 views

BBSXP论坛程序Manage.asp页面过滤不严导致SQL注入漏洞

漏洞描述: Manage.asp文件的ThreadID没有经过任何过滤便放入SQL语句中执行 导致注射漏洞发生 漏洞代码: % if CookieUserName=empty then error"您还未a href=""javascript:BBSXPModal.Open'Login.asp',380,170;""登录/a论坛" if RequestMethod "POST" then error"li提交方式错误!/lili您本次使用的是"& RequestMethod&"提交方式!/li" ForumID=RequestInt"ForumID"...

7AI score
Exploits0
seebug.org
seebug.org
added 2008/10/25 12:0 a.m.22 views

BBSxp HTMLEncode过滤函数过滤不严导致绕过漏洞

BBSXP为一款简单的ASP+SQL与ACCESS开发的多风格论坛 目前最新版本为BBSXP2008。 官方最新过滤函数HTMLEncode,这次过滤了字符 ,再一次绕过过滤注射 Function HTMLEncodefString fString=ReplacefString,CHR9,"" fString=ReplacefString,CHR13,"" fString=ReplacefString,CHR22,"" fString=ReplacefString,CHR38,"&" '“&” fString=ReplacefString,CHR32," " '“ ”...

7.1AI score
Exploits0
myhack58
myhack58
added 2008/06/11 12:0 a.m.26 views

BBSXP the latest vulnerability and the discovery process-vulnerability warning-the black bar safety net

Operating environment: Micromedia Dreamweaver 8.0+IIS 5.0+SQL Server 2 0 0 0+BBSXP 6.00 SP1 SQL Travel back to the days of work relatively easily, just as everyone presented a few days ago found BBSXP new vulnerability, the way to find the ASP program vulnerability method. See here you should thi...

8.2AI score
Exploits0
myhack58
myhack58
added 2008/03/10 12:0 a.m.17 views

BBSxp 2 0 0 8 (Build: 8.0.4) Sql Injection Vulnerability-vulnerability warning-the black bar safety net

============================================ Starter http://www. nspcn. org, reprint please reserved here copyright ============================================ Vulnerability release:Tr4c3at1 2 6dotCom Impact version BBSxp 2 0 0 8 Build: 8.0.4other version not see Vulnerability file:MoveThread. a...

7.8AI score
Exploits0
seebug.org
seebug.org
added 2008/03/09 12:0 a.m.16 views

BBSxp 2008 (Build: 8.0.4) Sql Injection Vulnerability

MoveThread.asp MoveThread.asp行2-24 % if CookieUserName =empty then error"您还未a href=""javascript:BBSXPModal.Open 'Login.asp',380,170;""登录/a论坛" '保存cookie登陆即可 ThreadID=Request"ThreadID" ' Sql Injection Vulnerability If Not IsNumericThreadID then ThreadIDArray=SplitThreadID,"," '判断数组,避免13行出错 if...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2008/02/22 12:0 a.m.18 views

BBSXP论坛程序New.asp页面过滤不严导致SQL注入漏洞

New.asp 代码分析: Sort=HTMLEncodeRequest"Sort" //第24行 if Sort = empty then SqlSort="ThreadID" else SqlSort=Sort end if 。。。。。。 sql="Select top "&SqlTopicCount&" from "&TablePrefix&"Threads where Visible=1 "&SqlForumID&" "&SqlTimeLimit&" order by "&SqlSort&" desc" //第66行 过滤函数HTMLEncode...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/02/22 12:0 a.m.14 views

BBSXP论坛程序Members.asp页面过滤不严导致SQL注入漏洞

漏洞文件: Members.asp 代码分析:. CurrentAccountStatus=HTMLEncodeRequest"CurrentAccountStatus" //第11行 。。。。。。 if CurrentAccountStatus "" then item=item&" and UserAccountStatus="&CurrentAccountStatus&"" //第22行 。。。。。。 TotalCount=Execute"Select countUserID From "&TablePrefix&"Users"&item0 //第54行...

7.1AI score
Exploits0
Rows per page
Query Builder