44 matches found
BBSXP 2008 - ShowPost.asp Cross-Site Scripting
BBSXP 2008 - ShowPost.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/38542/info BBSXP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser...
BBSXP 2008 - 'ShowPost.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38542/info BBSXP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
BBSxp 2 0 0 8 (Build: 8.0.4) Sql injection vulnerability-vulnerability warning-the black bar safety net
Affected versions: BBSxp 2 0 0 8 Build: 8.0.4 Vulnerability description: File:MoveThread. asp MoveThread. asp line 2-2 of 4 if CookieUserName =empty then error"you have nota href=""javascript:BBSXPModal. Open 'Login. asp',3 8 0,1 7 0;""login/a" 'save the cookie log can be ThreadID=R...
BBSxp 2 0 0 8 (Build: 8.0.4) Sql injection vulnerability-vulnerability warning-the black bar safety net
File:MoveThread. asp MoveThread. asp line 2-2 of 4 % if CookieUserName =empty then error"you have nota href=""javascript:BBSXPModal. Open 'Login. asp',3 8 0,1 7 0;""login/a" 'save the cookie log can be ThreadID=Request"ThreadID" ' Sql Injection Vulnerability If Not IsNumericThreadID then...
Cross site scripting
Cross-site scripting XSS vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter...
CVE-2009-0285
Cross-site scripting XSS vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter...
CVE-2009-0285
Cross-site scripting XSS vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter...
CVE-2009-0285
CVE-2009-0285 describes a cross-site scripting (XSS) vulnerability in the error.asp page of BBSXP 5.13 and earlier . The weakness is exploitable via the message parameter , enabling remote attackers to inject arbitrary web script or HTML. The provided documents confirm the vulnerability and affec...
BBSxp Xss vulnerability
Product name: BBSxp System Vendor: www.bbsxp.com BBSxp 5.13 & prior versions XSS bug in error.asp page Example: http://example/bbs/error.asp?message=xss...
BBSxp 5.13 Cross Site Scripting
Product name: BBSxp System Vendor: www.bbsxp.com BBSxp 5.13 & prior versions XSS bug in error.asp page Example: http://example/bbs/error.asp?message=xss...
BBSXP 5.13 - error.asp Cross-Site Scripting
BBSXP 5.13 - error.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/33411/info BBSXP is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser...
BBSXP 5.13 - 'error.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/33411/info BBSXP is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
BBSxp 2008 MoveThread.asp页面存在SQL注入漏洞
BBSXP为一款简单的ASP+SQL与ACCESS开发的多风格论坛 目前最新版本为BBSXP2008。漏洞文件:MoveThread.asp MoveThread.asp行2-24% if CookieUserName =empty then error"您还未a href=""javascript:BBSXPModal.Open 'Login.asp',380,170;""登录/a论坛" '保存cookie登陆即可 ThreadID=Request"ThreadID" ' Sql Injection Vulnerability If Not IsNumericThreadID then...
BBSXP论坛程序Manage.asp页面过滤不严导致SQL注入漏洞
漏洞描述: Manage.asp文件的ThreadID没有经过任何过滤便放入SQL语句中执行 导致注射漏洞发生 漏洞代码: % if CookieUserName=empty then error"您还未a href=""javascript:BBSXPModal.Open'Login.asp',380,170;""登录/a论坛" if RequestMethod "POST" then error"li提交方式错误!/lili您本次使用的是"& RequestMethod&"提交方式!/li" ForumID=RequestInt"ForumID"...
BBSxp HTMLEncode过滤函数过滤不严导致绕过漏洞
BBSXP为一款简单的ASP+SQL与ACCESS开发的多风格论坛 目前最新版本为BBSXP2008。 官方最新过滤函数HTMLEncode,这次过滤了字符 ,再一次绕过过滤注射 Function HTMLEncodefString fString=ReplacefString,CHR9,"" fString=ReplacefString,CHR13,"" fString=ReplacefString,CHR22,"" fString=ReplacefString,CHR38,"&" '“&” fString=ReplacefString,CHR32," " '“ ”...
BBSXP the latest vulnerability and the discovery process-vulnerability warning-the black bar safety net
Operating environment: Micromedia Dreamweaver 8.0+IIS 5.0+SQL Server 2 0 0 0+BBSXP 6.00 SP1 SQL Travel back to the days of work relatively easily, just as everyone presented a few days ago found BBSXP new vulnerability, the way to find the ASP program vulnerability method. See here you should thi...
BBSxp 2 0 0 8 (Build: 8.0.4) Sql Injection Vulnerability-vulnerability warning-the black bar safety net
============================================ Starter http://www. nspcn. org, reprint please reserved here copyright ============================================ Vulnerability release:Tr4c3at1 2 6dotCom Impact version BBSxp 2 0 0 8 Build: 8.0.4other version not see Vulnerability file:MoveThread. a...
BBSxp 2008 (Build: 8.0.4) Sql Injection Vulnerability
MoveThread.asp MoveThread.asp行2-24 % if CookieUserName =empty then error"您还未a href=""javascript:BBSXPModal.Open 'Login.asp',380,170;""登录/a论坛" '保存cookie登陆即可 ThreadID=Request"ThreadID" ' Sql Injection Vulnerability If Not IsNumericThreadID then ThreadIDArray=SplitThreadID,"," '判断数组,避免13行出错 if...
BBSXP论坛程序New.asp页面过滤不严导致SQL注入漏洞
New.asp 代码分析: Sort=HTMLEncodeRequest"Sort" //第24行 if Sort = empty then SqlSort="ThreadID" else SqlSort=Sort end if 。。。。。。 sql="Select top "&SqlTopicCount&" from "&TablePrefix&"Threads where Visible=1 "&SqlForumID&" "&SqlTimeLimit&" order by "&SqlSort&" desc" //第66行 过滤函数HTMLEncode...
BBSXP论坛程序Members.asp页面过滤不严导致SQL注入漏洞
漏洞文件: Members.asp 代码分析:. CurrentAccountStatus=HTMLEncodeRequest"CurrentAccountStatus" //第11行 。。。。。。 if CurrentAccountStatus "" then item=item&" and UserAccountStatus="&CurrentAccountStatus&"" //第22行 。。。。。。 TotalCount=Execute"Select countUserID From "&TablePrefix&"Users"&item0 //第54行...