source: https://www.securityfocus.com/bid/52728/info
NextBBS is prone to multiple SQL-injection vulnerabilities, a cross-site scripting vulnerability, and an authentication-bypass vulnerability.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and bypass the authentication process to gain unauthorized access to the system.
NextBBS 0.6.0 is vulnerable; other versions may also be affected.
http://www.example.com/nextbbs.0.6.0/index.php?do=<body+onload=alert(document.cookie);>
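
Added example (not part of the original advisory or of NextBBS): a log-triage check that flags requests to index.php whose "do" parameter carries anything other than a plain action name, which is how the request above would appear in a web server access log. The allowlist pattern for "do", the combined log format, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate "do" values are short action names
# (letters, digits, "_" or "-"). Adjust to the actions your install uses.
SAFE_DO = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_do_values(log_lines):
    """Return (line_number, decoded_value) for every index.php request
    whose "do" parameter is not a plain action name."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/index.php"):
            continue
        # parse_qs percent-decodes values and turns "+" into a space,
        # so encoded and unencoded markup are compared in the same form.
        params = parse_qs(target.query, keep_blank_values=True)
        for value in params.get("do", []):
            if not SAFE_DO.fullmatch(value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (addresses from the documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2012:10:00:01 +0000] '
    '"GET /nextbbs.0.6.0/index.php?do=forum HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Apr/2012:10:00:07 +0000] '
    '"GET /nextbbs.0.6.0/index.php?do=%3Cbody+onload%3Dalert'
    '(document.cookie)%3B%3E HTTP/1.1" 200 4890',
    '192.0.2.10 - - [01/Apr/2012:10:00:09 +0000] '
    '"GET /nextbbs.0.6.0/style.css HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for number, value in suspicious_do_values(SAMPLE_LOG):
        print(f"line {number}: do={value!r}")
```

The same allowlist, applied server-side before the "do" value is used or echoed, rejects the request instead of only reporting it.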