Author: curious
Version: Dvbbs 8.2.0, the latest release (the newest program published by Dynamic Network / Dvbbs for the forum)
Vulnerable files: 1. bokemanage.asp and bokepostings.asp
2. BokeSearch.asp (the vulnerability follows the same principle)
It appears to have been removed from the official website.
-----------------------------------------------------------------------------------
Bokepostings.asp, around line 270:
-------------
P_Catid = Request.Form("Catid")
P_Lock = DvBoke.CheckNumeric(Request.Form("Lock"))
P_Best = DvBoke.CheckNumeric(Request.Form("Best"))
P_PostContent = CheckAlipay()
If P_PostContent = "" Then P_PostContent = DvBoke.Checkstr(Request.Form("PostContent"))
P_PostTitleNote = DvBoke.Checkstr(Request.Form("PostTitleNote"))  ' The problem is here
PostID = DvBoke.CheckNumeric(Request.Form("PostID"))
RootID = DvBoke.CheckNumeric(Request.Form("RootID"))
P_Weather = DvBoke.CheckNumeric(Request.Form("Weather"))
----------------------------------------------------------------------------------
Part of bokemanage.asp, around line 290:
-----------------------------------
P_Lock = DvBoke.CheckNumeric(Request.Form("Lock"))
P_Best = DvBoke.CheckNumeric(Request.Form("Best"))
P_PostContent = CheckAlipay()
If P_PostContent = "" Then P_PostContent = DvBoke.Checkstr(Request.Form("PostContent"))
P_PostTitleNote = DvBoke.Checkstr(Request.Form("PostTitleNote"))  ' The problem is here
PostID = DvBoke.CheckNumeric(Request.Form("PostID"))
--------------------------------------------------
The Checkstr() function is defined as follows:
----------
Public Function Checkstr(Str)
    If IsNull(Str) Then
        CheckStr = ""
        Exit Function
    End If
    Str = Replace(Str, Chr(0), "")        ' strip NUL bytes
    CheckStr = Replace(Str, "'", "''")    ' double single quotes; nothing else is filtered
End Function
-------------------------------------------------------------------------
Below is part of BokeSearch.asp:
------------
SelType = DvBoke.CheckNumeric(Request("Sel"))
KeyWord = DvBoke.Checkstr(Request("KeyWord"))  ' the keyword is filtered only by Checkstr()
DYear = DvBoke.CheckNumeric(Request("DY"))
DMonth = DvBoke.CheckNumeric(Request("DM"))
........
If KeyWord <> "" Then
    Select Case SelType
        Case 2  ' content
            SqlStr = SqlStr & " and Content like '%" & KeyWord & "%'"
        Case 1  ' author
            SqlStr = SqlStr & " and UserName like '%" & KeyWord & "%'"
        Case Else  ' title
            SqlStr = SqlStr & " and Title like '%" & KeyWord & "%'"
    End Select
End If
Attackers can bypass the filtering and inject ............
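To make the weakness of the Checkstr() approach concrete, here is an added example (written for this page, not code from the advisory or from the Dvbbs project) that re-implements the BokeSearch.asp keyword query in Python on an in-memory SQLite database. It renders Checkstr() as a Python function, builds the legacy LIKE clause by string concatenation exactly as the Select Case above does, and places a hardened version beside it that binds the keyword as a query parameter and escapes the LIKE wildcards. The table name Dv_Boke_Posts, the base SELECT, and the sample rows are all constructed for the demo; the real forum runs on Access or SQL Server, not SQLite.

```python
# Added example: Checkstr-style string building vs. a parameterized LIKE query.
# Table name, base query and rows are constructed for this demo (not Dvbbs code).
import sqlite3


def checkstr(s):
    """Python rendering of the Dvbbs Checkstr() shown above: strip NUL bytes and
    double single quotes. Nothing else is touched, so LIKE metacharacters such as
    % and _ reach the database untouched and keep their wildcard meaning."""
    if s is None:
        return ""
    return s.replace("\x00", "").replace("'", "''")


def _column_for(sel_type):
    """Fixed allow-list mirroring the Select Case (2 = content, 1 = author, else title)."""
    return {2: "Content", 1: "UserName"}.get(sel_type, "Title")


def build_legacy_sql(sel_type, keyword):
    """String concatenation as in BokeSearch.asp. The base SELECT is an assumption;
    the page only shows the ' and ... like ' fragments being appended to SqlStr."""
    sql = "SELECT PostID FROM Dv_Boke_Posts WHERE 1=1"
    if keyword != "":
        sql += " and " + _column_for(sel_type) + " like '%" + checkstr(keyword) + "%'"
    return sql


def search_legacy(conn, sel_type, keyword):
    """Runs the concatenated query; the keyword is data and SQL text at the same time."""
    return [row[0] for row in conn.execute(build_legacy_sql(sel_type, keyword))]


def search_parameterized(conn, sel_type, keyword):
    """Hardened version: column from the allow-list, keyword bound as a parameter,
    and \\, % and _ escaped so the keyword is matched literally."""
    sql = "SELECT PostID FROM Dv_Boke_Posts WHERE 1=1"
    params = []
    if keyword != "":
        escaped = (keyword.replace("\\", "\\\\")
                          .replace("%", "\\%")
                          .replace("_", "\\_"))
        sql += f" and {_column_for(sel_type)} LIKE ? ESCAPE '\\'"
        params.append(f"%{escaped}%")
    return [row[0] for row in conn.execute(sql, params)]


def make_demo_db():
    """Constructed sample data: one title with a literal %, one with a quote."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Dv_Boke_Posts (PostID INTEGER, UserName TEXT, Title TEXT, Content TEXT)"
    )
    conn.executemany(
        "INSERT INTO Dv_Boke_Posts VALUES (?, ?, ?, ?)",
        [
            (1, "alice", "100% done", "first post"),
            (2, "bob", "O'Reilly review", "second post"),
            (3, "carol", "plain title", "third post"),
        ],
    )
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    # A bare "%" keyword: the legacy builder turns it into a match-everything wildcard,
    # the parameterized version looks for a literal percent sign.
    print("legacy        '%':", search_legacy(db, 0, "%"))
    print("parameterized '%':", search_parameterized(db, 0, "%"))
    print("legacy SQL for O'Reilly:", build_legacy_sql(0, "O'Reilly"))
```

The contrast the test makes is that Checkstr() only neutralises the single quote, so every other character keeps whatever meaning the surrounding SQL gives it; binding the value as a parameter removes the keyword from the SQL text entirely, and the ESCAPE clause is what turns the LIKE wildcards back into ordinary characters.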