CVE-2004-1966

Exploitation Summary

EIP tracks 4 public exploits for CVE-2004-1966. PoCs published by JeiAr.

AI-analyzed exploit summary The provided text describes SQL injection and XSS vulnerabilities in OpenBB due to improper input sanitization. It outlines potential impacts such as unauthorized data access or execution of malicious scripts in a victim's browser.

Description

Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php.

Exploits (4)

exploitdb WRITEUP VERIFIED

by JeiAr · textwebappsphp

https://www.exploit-db.com/exploits/24058

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in OpenBB due to improper input sanitization. It outlines potential impacts such as unauthorized data access or execution of malicious scripts in a victim's browser.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: OpenBB (version not specified)

No auth needed

Prerequisites: Access to the vulnerable OpenBB instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by JeiAr · textwebappsphp

https://www.exploit-db.com/exploits/24059

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in OpenBB, detailing potential attack vectors via manipulated URIs. It does not contain executable exploit code but references known vulnerabilities.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: OpenBB (version not specified)

No auth needed

Prerequisites: Access to the target OpenBB instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by JeiAr · textwebappsphp

https://www.exploit-db.com/exploits/24057

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in OpenBB, detailing affected parameters and potential impacts. It does not contain executable exploit code but serves as a vulnerability advisory.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: OpenBB (version not specified)

No auth needed

Prerequisites: Access to vulnerable OpenBB instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by JeiAr · textwebappsphp

https://www.exploit-db.com/exploits/24056

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in OpenBB due to improper input sanitization. It outlines potential impacts such as unauthorized data access or execution of malicious scripts in a user's browser.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: OpenBB (version not specified)

No auth needed

Prerequisites: Access to a vulnerable OpenBB instance

MITRE ATT&CK