https://www.exploit-db.com/exploits/24330
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-858

AntiBoard是一款基于PHP的论坛程序。AntiBoard对用户提交的参数缺少充分过滤，远程攻击者可以利用这个漏洞获得敏感信息或更改数据库。’antiboard.php’脚本没有正确过滤用户输入，远程攻击者可以通过’thread_id’和’parent_id’字段注入SQL命令，可更改原有数据库逻辑导致修改数据库数据或获得敏感信息。另外’antiboard.php’脚本也没有正确过滤HTML代码，因此攻击者可以构建恶意链接，诱使用户访问，可泄露目标用户基于COOKIE的验证信息。

source: http://www.securityfocus.com/bid/10821/info
 
Multiple vulnerabilities are reported to exist in the application due to insufficient sanitization of user-supplied data. The issues include various instances of SQL injection and a cross-site scripting vulnerability.
 
AntiBoard versions 0.7.2 and prior are affected by these issues.

/antiboard.php?thread_id=1&mode=threaded&range=&feedback=<script>alert(document.cookie);</script>

来源:XF
名称:antiboard-feedback-xss(16830)
链接:http://xforce.iss.net/xforce/xfdb/16830
来源:BID
名称:10821
链接:http://www.securityfocus.com/bid/10821
来源:SECUNIA
名称:12137
链接:http://secunia.com/advisories/12137
来源:BUGTRAQ
名称:20040728AntiBoard<=0.7.2XSS/SQLInjection
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=109105610220965&w;=2
来源:OSVDB
名称:8269
链接:http://www.osvdb.org/8269
来源：NSFOCUS
名称：6748
链接：http://www.nsfocus.net/vulndb/6748