BBSxp 2008 (Build: 8.0.4) Sql Injection Vulnerability

MoveThread.asp MoveThread.asp行2-24 % if CookieUserName =empty then error"您还未a href=""javascript:BBSXPModal.Open 'Login.asp',380,170;""登录/a论坛" '保存cookie登陆即可 ThreadID=Request"ThreadID" ' Sql Injection Vulnerability If Not IsNumericThreadID then ThreadIDArray=SplitThreadID,"," '判断数组,避免13行出错 if...

MyBB-104SQL.txt

MyBB 1.0.4 New SQL Injection D3vil-0x1 File :- search.php 580 to 592 / START / if$mybb-input'forums' != "all" if!isarray$mybb-input'forums' input'forums' = arrayintval$mybb-input'forums'; foreach$mybb-input'forums' as $forum if!$searchin$forum $query = $db-query"SELECT f.fid FROM...