BBSxp 2008 (Build: 8.0.4) Sql Injection Vulnerability

MoveThread.asp MoveThread.asp行2-24 % if CookieUserName =empty then error"您还未a href=""javascript:BBSXPModal.Open 'Login.asp',380,170;""登录/a论坛" '保存cookie登陆即可 ThreadID=Request"ThreadID" ' Sql Injection Vulnerability If Not IsNumericThreadID then ThreadIDArray=SplitThreadID,"," '判断数组,避免13行出错 if...