CVE-2008-2022

MegaBBS 2.2 - Cross-Site Scripting via toid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2022. PoCs published by BugReport.IR.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in MegaBBS Forum 2.2, including SQL injection in 'attach-file.asp' and 'controlpanel.asp', and XSS in 'impersonate.asp' and 'send-private-message.asp'. The PoC provides forms to trigger these vulnerabilities.

Description

Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp. NOTE: vector 2 requires authentication.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BugReport.IR · textwebappsasp

https://www.exploit-db.com/exploits/5507

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in MegaBBS Forum 2.2, including SQL injection in 'attach-file.asp' and 'controlpanel.asp', and XSS in 'impersonate.asp' and 'send-private-message.asp'. The PoC provides forms to trigger these vulnerabilities.

Classification

Working Poc 95%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: MegaBBS Forum 2.2

Auth required

Prerequisites: Access to vulnerable MegaBBS Forum instance · Valid session for authenticated XSS

MITRE ATT&CK