XChangeboard | Art Hacker

XChangeboard newThread.php文件SQL注入漏洞

Posted by Hacker on 07月 7, 2008 2条评论

受影响系统：
Henrik Brinkmann XChangeboard 1.75 Beta
Henrik Brinkmann XChangeboard 1.70
描述：
BUGTRAQ ID: 30059
Xchangeboard是基于PHP和MySQL的公告牌解决方案。
Xchangeboard的newThread.php文件中没有正确地验证对boardID参数的输入便在SQL查询中使用，这允许远程攻击者通过提交恶意的查询请求执行SQL注入攻击。
<*来源：haZl0oh

链接：http://secunia.com/advisories/30919/
*>
测试方法：
——————————————————————————– Read more »

Category: Notice loopholes

Page 1 of 11

Popular
Recent Comments
Archives

Archives by date

Archives by category

Art Hacker
We advocate freedom, equality, sharing and mutual aid

XChangeboard newThread.php文件SQL注入漏洞

Popular Posts

Recent Comments

Archives by date

Archives by category

Sponsors

ADTOLL

Public Service Ads

Subscribe Me

Function

Recent Post

Tag Cloud

Advertise

BBS Links

Blog Sites

Arthack Links

Partner links

Art HackerWe advocate freedom, equality, sharing and mutual aid

XChangeboard newThread.php文件SQL注入漏洞

Popular Posts

Recent Comments

Archives by date

Archives by category

Sponsors

ADTOLL

Public Service Ads

Subscribe Me

Function

Recent Post

Tag Cloud

Advertise

BBS Links

Blog Sites

Arthack Links

Partner links

Art Hacker
We advocate freedom, equality, sharing and mutual aid