Campus Bulletin Board Multiple Input Validation Vulnerabilities

vendor:

Campus Bulletin Board

by:

SecurityFocus

7.5

CVSS

HIGH

SQL Injection and Cross-Site Scripting

89, 79

CWE

Product Name: Campus Bulletin Board

Affected Version From: 3.4

Affected Version To: 3.4

Patch Exists: N/A

Related CWE: N/A

CPE: a:campus_bulletin_board:campus_bulletin_board

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Campus Bulletin Board Multiple Input Validation Vulnerabilities

Campus Bulletin Board is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to execute unintended commands or access data that the user should not be able to access.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/29375/info
  
Campus Bulletin Board is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.
  
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  
Campus Bulletin Board 3.4 is vulnerable; other versions may also be affected. 

http://www.example.com/post3/book.asp?review=-99&#039;)+union+select+0,password,uid,3,4,5,6,7,8,9,10+from+user+where+1=1+union+select+*+From+&#20844;&#20296;&#27396
;+Where+&#039;%&#039;=(&#039;