CVE-2004-1555

BroadBoard Instant ASP Message Board - SQL Injection via Search Keywords or Profile Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-1555. PoCs published by pigrelax.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in BroadBoard Message Board, where user-supplied URI input is not properly sanitized before being used in SQL queries. The example URI demonstrates a potential attack vector but does not include executable exploit code.

Description

Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter to profile.asp, (3) txtUserHandle parameter to reg2.asp or (4) txtUserEmail parameter to forgot.asp.

Exploits (2)

exploitdb WRITEUP VERIFIED
by pigrelax · textwebappsasp
https://www.exploit-db.com/exploits/24625

The provided text describes a SQL injection vulnerability in BroadBoard Message Board, where user-supplied URI input is not properly sanitized before being used in SQL queries. The example URI demonstrates a potential attack vector but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: BroadBoard Message Board
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by pigrelax · textwebappsasp
https://www.exploit-db.com/exploits/24626

The provided text describes a SQL injection vulnerability in BroadBoard Message Board, where user-supplied input in the 'handle' parameter of 'profile.asp' is not properly sanitized. This allows an attacker to manipulate SQL queries, potentially leading to data exposure or corruption.

Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: BroadBoard Message Board (version not specified)
No auth needed
Prerequisites: Access to the vulnerable BroadBoard Message Board instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11250
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1011419
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17502
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17500
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17498
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109630777608244&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/12658
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17501

Scores

EPSS 0.0188
EPSS Percentile 76.9%

Details

Status published
Products (1)
broadboard_instant/asp_message_board
Published Dec 31, 2004
Tracked Since Feb 18, 2026