https://www.exploit-db.com/exploits/25657
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1052

OpenBulletinBoard(OpenBB)1.0.8中member.php存在跨站脚本攻击(XSS)漏洞，远程攻击者可通过list操作中的reverse参数来注入任意Web脚本或HTML。

source: http://www.securityfocus.com/bid/13625/info

OpenBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

This issue reportedly affects OpenBB version 1.0.8; other versions may also be vulnerable. 

http://www.example.com/member.php?action=list&page=2&sortorder=username&perpage=25&reverse="><script>alert('test');</script>

来源:BID
名称:13625
链接:http://www.securityfocus.com/bid/13625
来源:BUGTRAQ
名称:20050513OpenBBSQLInjection&Cross-siteScriptingVulnerability;
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111601780332632&w;=2