Vulnerability description: Discuz! NT is powerful community software from Comsenz, built on the ASP.NET platform. The poster parameter of the ajaxtopicinfo.ascx user control has a SQL injection vulnerability, combined with the ajax.aspx vulnerability that allows any user control to be called.
Vulnerability file: admin/UserControls/ajaxtopicinfo.ascx
File code: the posterlist variable is placed directly into the SQL query without being filtered, resulting in SQL injection.
Function GetCondition (WebsiteManage.cs) // line 62
if (posterlist != "")
{
    string[] poster = posterlist.Split(',');
    condition += " AND [poster] in (";
    string tempposerlist = "";
    foreach (string p in poster)
    {
        // p is concatenated between quotes without any filtering
        tempposerlist += "'" + p + "',";
    }
    if (tempposerlist != "")
        tempposerlist = tempposerlist.Substring(0, tempposerlist.Length - 1);
    condition += tempposerlist + ")";
}
The string ') AND [tid]>=1 AND [tid]<=1' that follows leaves the quotation marks incomplete. The error message is hidden, but the SQL statement will still be executed.
Vulnerability fix: official patch <http://nt.discuz.net/showtopic-135589.html>
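
An added example, not Discuz! NT code and not the official patch: the concatenating IN-list builder from the excerpt beside a parameterized form that emits one placeholder per poster name. The class and method names, the @posterN parameter naming and the sample input are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class PosterFilterDemo
{
    // Concatenating form, same shape as the GetCondition excerpt: each name is
    // pasted between quotes, so a quote inside a name changes the SQL text.
    static string BuildConcatenated(string posterlist)
    {
        var sb = new StringBuilder(" AND [poster] in (");
        foreach (string p in posterlist.Split(','))
            sb.Append("'" + p + "',");
        sb.Length--;                       // drop the trailing comma
        return sb.Append(")").ToString();
    }

    // Parameterized form: the SQL text contains only generated placeholder
    // names; the poster names travel separately as parameter values.
    static string BuildParameterized(string posterlist, IDictionary<string, string> parameters)
    {
        var names = new List<string>();
        foreach (string p in posterlist.Split(','))
        {
            if (p.Length == 0) continue;   // skip empty items such as "a,,b"
            string name = "@poster" + names.Count;
            parameters[name] = p;
            names.Add(name);
        }
        // An empty list must not produce "in ()", which is invalid SQL.
        return names.Count == 0 ? "" : " AND [poster] in (" + string.Join(",", names) + ")";
    }

    static void Main()
    {
        string posterlist = "alice,o'brien";   // constructed sample input
        Console.WriteLine(BuildConcatenated(posterlist));

        var parameters = new Dictionary<string, string>();
        Console.WriteLine(BuildParameterized(posterlist, parameters));
        foreach (var kv in parameters)
            Console.WriteLine(kv.Key + " = " + kv.Value);
        // Each pair is then bound to the command, for example with
        // SqlCommand.Parameters.AddWithValue(kv.Key, kv.Value).
    }
}
```

With the constructed input, the first builder prints a condition whose quoting is unbalanced by the apostrophe, while the second prints only `@poster0,@poster1` in the SQL text and keeps the names as data.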