CVE-2008-2023

PD9 Software MegaBBS 2.2 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2023. PoCs published by BugReport.IR.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in MegaBBS Forum 2.2, including SQL injection in 'attach-file.asp' and 'controlpanel.asp', and XSS in 'impersonate.asp' and 'send-private-message.asp'. The PoC provides forms to trigger these vulnerabilities.

Description

Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BugReport.IR · textwebappsasp

https://www.exploit-db.com/exploits/5507

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in MegaBBS Forum 2.2, including SQL injection in 'attach-file.asp' and 'controlpanel.asp', and XSS in 'impersonate.asp' and 'send-private-message.asp'. The PoC provides forms to trigger these vulnerabilities.

Classification

Working Poc 95%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: MegaBBS Forum 2.2

Auth required

Prerequisites: Access to vulnerable MegaBBS Forum instance · Valid session for authenticated XSS

MITRE ATT&CK