Guest:
Register
|
Login
|
Member List
|
Search
|
Statistics
|
FAQ
Language
----------
Simplifed Chinese
Traditional Chinese
English
CnPack Forum
»
公告及其它
» 请检查论坛是否有sql的漏洞
‹‹ Last Thread
|
Next Thread ››
Poll
Trade
Reward
Activity
Printable Version
|
Email to Friend
|
Subscription
|
Favorites
Subject: 请检查论坛是否有sql的漏洞
rocky
普通灌水员
UID 584
Digest Posts 0
Credits 60
Posts 56
点点分 60
Reading Access 10
Registered 2004-11-28
Location 天府之国
Status Offline
#1
Post at 2005-1-2 16:55
Profile
|
Blog
|
P.M.
请检查论坛是否有sql的漏洞
刚才我回帖,敲了"what's new"然后死活提交不成功,一直提示sql语法错误,后来把new去掉了才行,看来提交的内容好像是会被解析的,不知道这个论坛有没有一些sql语言的漏洞,要是有的话可能会被别有用心的人所利用,请站长检查
zjy
管理员
UID 2
Digest Posts
6
Credits 2385
Posts 1543
点点分 2385
Reading Access 102
Registered 2002-12-16
Location China
Status Offline
#2
Post at 2005-1-4 13:43
Profile
|
Site
|
Blog
|
P.M.
多谢提醒!
网站使用的是 Discuz!2.2F 的论坛,这个论坛要求在 php.ini 里设置 magic_quotes_gpc=on 以避免 SQL 注入,但是我们的服务器上没有开这个功能,所以我原来直接把这个提示去掉了,导致 SQL 提交的问题。
我刚才改了一下论坛的代码,现在已经可以提交带 '"\_ 这一类的特殊字符了。
Zhou JingYu
CnPack Administrator
http://www.cnpack.org/
rocky
普通灌水员
UID 584
Digest Posts 0
Credits 60
Posts 56
点点分 60
Reading Access 10
Registered 2004-11-28
Location 天府之国
Status Offline
#3
Post at 2005-1-5 13:40
Profile
|
Blog
|
P.M.
嗯,好的,站长多费心了。
Poll
Trade
Reward
Activity
CnPack Forum
CnPack English Forum
> CnWizards IDE Wizards
> CVSTracNT
> Announcements & Others
All times are GMT++8, the time now is 2024-11-22 00:30
Powered by
Discuz!
5.0.0
© 2001-2006
Comsenz Inc.
Processed in 0.009847 second(s), 8 queries , Gzip enabled
TOP
Clear Cookies
-
Contact Us
-
CnPack Website
-
Archiver
-
WAP
Member's CP Home
Edit Profile
Credits Transaction
Public User Groups
Buddy List
Main
Page Views
User Agents
Posts History
Top Forums
Top Threads
Post Ranking
Credit Ranking
Online Time
Team
Moderation Stats