OpenBB 1.0/1.1 Index.PHP Remote SQL Injection Vulnerability

2003/4/20 Author: unknown Source: Internet
source: http://www.securityfocus.com/bid/7401/info

It has been reported that OpenBB does not properly check input passed via the 'index.php' script. Because of this, an attacker may be able to inject arbitrary SQL commands into the database in the context of the bulletin board software. The consequences will vary depending on the underlying database implementation.

http://www.example.com/index.php?CID=1%20<something>

where <something> represents a SQL query.
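
The input check the advisory says is missing can be sketched as follows. This is an added example, not OpenBB's code and not part of the original advisory: the `forums` table, its columns, and the function names are hypothetical, and the string-concatenation pattern named in the comment is an assumption about how such a flaw typically arises.

```php
<?php
// Added illustration, not OpenBB source. Table/column names are hypothetical.
// Unsafe pattern (assumed): "... WHERE cid = " . $_GET['CID']

// Accept CID only as 1-9 ASCII digits, so it always fits in an int.
function parse_cid($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null; // rejects "1 <something>", "", "-1", arrays
    }
    return (int) $raw;
}

// Returns forum titles for a category, or null when CID is malformed.
function forums_in_category(PDO $db, $rawCid): ?array
{
    $cid = parse_cid($rawCid);
    if ($cid === null) {
        return null; // caller should answer 400 and log the request
    }
    // Bound placeholder: the value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT title FROM forums WHERE cid = :cid ORDER BY id');
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE forums (id INTEGER PRIMARY KEY, cid INTEGER, title TEXT)');
$db->exec("INSERT INTO forums (cid, title) VALUES (1, 'General'), (1, 'Support'), (2, 'Staff')");

// Constructed CID values, including the advisory's "1 <something>" shape.
foreach (['1', '2', '1 <something>', '', '-1'] as $raw) {
    $rows = forums_in_category($db, $raw);
    $out = $rows === null ? 'rejected' : implode(', ', $rows);
    printf("%-16s => %s\n", var_export($raw, true), $out);
}
```

Validation and the bound parameter are independent layers: either one alone keeps the `CID` value from being interpreted as SQL, and rejected values are worth logging as probable probing of the parameter.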