Vendor: NextBBS
By: SecurityFocus
CVSS: 7.5 (HIGH)
Type: SQL-injection, Cross-site Scripting, Authentication-bypass
CWE: 89, 79, 287
Product Name: NextBBS
Affected Version From: 0.6.0
Affected Version To: 0.6.0
Patch Exists: YES
Related CWE: N/A
CPE: nextbbs.0.6.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

NextBBS Multiple Vulnerabilities

NextBBS is prone to multiple SQL-injection vulnerabilities, a cross-site scripting vulnerability, and an authentication-bypass vulnerability. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and bypass the authentication process to gain unauthorized access to the system.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Cross-site scripting attacks can be prevented by validating input and encoding output. Authentication bypass can be prevented by using strong authentication mechanisms.
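
One way to apply the validation and encoding described above to the `do` parameter from this page's proof-of-concept URL, with a bound-parameter query as the usual complement to input validation against SQL injection. This is an added example, not NextBBS code: the action names, helper functions and `users` table are assumptions, and it needs PHP with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Hypothetical action names: NextBBS's real routing table is not shown on the page.
const ALLOWED_ACTIONS = ['index', 'viewforum', 'viewtopic', 'login'];

// Input validation: accept only known actions, fall back to a safe default.
function resolve_action(?string $raw): string
{
    return in_array($raw, ALLOWED_ACTIONS, true) ? $raw : 'index';
}

// Output encoding for HTML text and quoted-attribute contexts.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Bound parameter: the value is sent as data and never parsed as SQL.
function find_user(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed input: the "do" value from the advisory's URL after URL decoding.
$raw = '<body onload=alert(document.cookie);>';

echo resolve_action($raw), "\n";         // unknown action is replaced by the default
echo resolve_action('viewtopic'), "\n";  // known action passes through unchanged
echo h($raw), "\n";                      // markup characters are emitted as entities

// Constructed in-memory table standing in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice')");

var_dump(find_user($db, 'alice') !== null);    // existing user is found
var_dump(find_user($db, "o'brien") === null);  // the quote is data: no match, no SQL error
```

The allow-list decides what the application acts on, while `h()` is still applied wherever a request value is written back into HTML, so a value that reaches a template by another path is rendered as text.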
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/52728/info
 
NextBBS 0.6.0 is vulnerable; other versions may also be affected. 

http://www.example.com/nextbbs.0.6.0/index.php?do=<body+onload=alert(document.cookie);>