dvbbs 8.2 SQL injection vulnerability

[Full advisory for the dvbbs 8.2 SQL injection vulnerability]: http://seclists.org/bugtraq/2008/May/0330.html

How it is exploited: this is a plain SQL injection in the login form. The login request is posted with the following body (the username field is the injection point; the submit value %u7ACB%u5373%u767B%u5F55 is the button label in JScript escape() form):

password=123123&codestr=71&CookieDate=2&userhidden=2&comeurl=index.asp&submit=%u7ACB%u5373%u767B%u5F55&ajaxPost=1&am
Analysis: version 8.2 added new code to the login handling, and the vulnerability sits in login.asp at line 118:

......
' request() has already percent-decoded the value once; CheckStr then filters it
username=trim(Dvbbs.CheckStr(request("username")))
' ajaxPro branch decodes the already-filtered value a second time
If ajaxPro Then username = unescape(username)
......

The username is taken from request(), which percent-decodes it once, passed through CheckStr for filtering, and only then passed to unescape(), which decodes it again. Because the filter runs before the second decode, a doubly URL-encoded payload slips past every check: this is the same class of bug as a PHP urldecode() applied after sanitisation. For example, submitting %2527 yields %27 after request() (no quote for CheckStr to see), and unescape() then turns %27 into a literal single quote inside the SQL statement.
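The decode-then-filter-then-decode sequence above, modelled in Python as an added example (this is not code from dvbbs or from the advisory). The request body is constructed for illustration, request() is modelled as a single percent-decode via urllib, unescape() is modelled as a %XX/%uXXXX decoder, and check_str() is an assumed stand-in for Dvbbs.CheckStr that doubles single quotes; the real filter is not reproduced on the page. The hardened variant finishes all decoding before filtering, which is the fix the bug calls for.

```python
import re
import urllib.parse

# Constructed request body for illustration (not the page's captured request):
# the username carries a double-encoded single quote (%2527 -> %27 -> ').
PAYLOAD = "username=admin%2527%20or%201%3D1&password=123123&ajaxPost=1"


def vb_unescape(s):
    """Model of VBScript/JScript unescape(): decodes %XX and %uXXXX sequences,
    passing everything else through unchanged."""
    def repl(m):
        return chr(int(m.group(1) or m.group(2), 16))
    return re.sub(r"%u([0-9A-Fa-f]{4})|%([0-9A-Fa-f]{2})", repl, s)


def check_str(s):
    """Assumed stand-in for Dvbbs.CheckStr: neutralise a quote by doubling it.
    The real filter is not shown on the page; only the ordering matters here."""
    return s.replace("'", "''")


def request_param(body, name):
    """Model of ASP request(): the form body is percent-decoded exactly once."""
    return urllib.parse.parse_qs(body, keep_blank_values=True).get(name, [""])[0]


def vulnerable_username(body, ajax_pro):
    """Order used by login.asp: filter first, unescape afterwards."""
    username = check_str(request_param(body, "username").strip())
    if ajax_pro:
        # second decode happens after the filter, so %27 becomes a live quote
        username = vb_unescape(username)
    return username


def fixed_username(body, ajax_pro):
    """Hardened order: complete every decoding step, then filter the value
    that will actually reach the SQL statement."""
    username = request_param(body, "username").strip()
    if ajax_pro:
        username = vb_unescape(username)
    return check_str(username)


if __name__ == "__main__":
    print("vulnerable:", vulnerable_username(PAYLOAD, True))
    print("fixed:     ", fixed_username(PAYLOAD, True))
    print("submit label:", vb_unescape("%u7ACB%u5373%u767B%u5F55"))
```

With ajaxPro off the second decode never runs and the quote stays encoded as %27, which is why the exploit has to take the AJAX login path.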
