VULHUB ™

DeluxeBB是一款基于PHP的论坛程序。 DeluxeBB的forums.php文件中没有正确地过滤对sort参数的输入便用在了SQL查询中，这允许远程攻击者通过注入任意SQL代码操控SQL查询。 以下是有漏洞的代码段： 108.if(!$sort) { 109.$sort = \'\'DESC\'\'; 110.} elseif($sort==\'\'ASC\'\' || $sort==\'\'DESC\'\') { 111.$add .= \'\'＆sort=\'\'.$sort; 112.} 113. 114.//calculating pages and navigation 115.$current_count = 0; 116.$tppt = $settings[\'\'tppt\'\']; 117. 118.//caching censors 119.if($settings[\'\'censors\'\']!=0) { 120.bbcodecache(); 121.} 122. 123.//forum info 124.$rows = $db-＞query(\"SELECT COUNT(tid) FROM \".$prefix.\"threads WHERE (lastpostdate＞=\'\'$posttime\'\' ＆＆ fid=\'\'$fid\'\')\"); 125.$nrows = $db-＞result($rows); 126. 127.$pageinfo = multipage($nrows, $page, $settings[\'\'tppf\'\'], \"forums.php?fid=$fid\"); 128. 129.include($templatefolder.\'\'/forums_header.dtf\'\'); 130. 131.//get and format all threads 132.$threads = $db-＞query(\"SELECT t.*,u.username FROM \".$prefix.\"threads t LEFT JOIN \".$prefix.\"users u ON (t.author=u.uid)

DeluxeBB是一款基于PHP的论坛程序。 DeluxeBB的forums.php文件中没有正确地过滤对sort参数的输入便用在了SQL查询中，这允许远程攻击者通过注入任意SQL代码操控SQL查询。 以下是有漏洞的代码段： 108.if(!$sort) { 109.$sort = \'\'DESC\'\'; 110.} elseif($sort==\'\'ASC\'\' || $sort==\'\'DESC\'\') { 111.$add .= \'\'＆sort=\'\'.$sort; 112.} 113. 114.//calculating pages and navigation 115.$current_count = 0; 116.$tppt = $settings[\'\'tppt\'\']; 117. 118.//caching censors 119.if($settings[\'\'censors\'\']!=0) { 120.bbcodecache(); 121.} 122. 123.//forum info 124.$rows = $db-＞query(\"SELECT COUNT(tid) FROM \".$prefix.\"threads WHERE (lastpostdate＞=\'\'$posttime\'\' ＆＆ fid=\'\'$fid\'\')\"); 125.$nrows = $db-＞result($rows); 126. 127.$pageinfo = multipage($nrows, $page, $settings[\'\'tppf\'\'], \"forums.php?fid=$fid\"); 128. 129.include($templatefolder.\'\'/forums_header.dtf\'\'); 130. 131.//get and format all threads 132.$threads = $db-＞query(\"SELECT t.*,u.username FROM \".$prefix.\"threads t LEFT JOIN \".$prefix.\"users u ON (t.author=u.uid)