Discuz!NT 2.*-3.5.2 SQL注入漏洞

Discuz!NT 是康盛创想(Comsenz)旗下的一款功能强大的基于 ASP.NET 平台的社区软件。ajaxtopicinfo.ascx用户控件 poster SQL注入漏洞。结合ajax.aspx调用任意用户控件漏洞 admin/UserControls/ ajaxtopicinfo.ascx 函数 GetCondition (WebsiteManage.cs) //62 行 if (posterlist != "") { string[] poster = posterlist.Split(','); condition += " AND [poster] in ("; string tempposerlist = ""; foreach (string p in poster) { tempposerlist += "'" + p + "',"; } if (tempposerlist != "") tempposerlisttempposerlist = tempposerlist.Substring(0, tempposerlist.Length - 1); condition += tempposerlist + ")"; Discuz!NT 2.*-3.5.2 官方补丁http://nt.discuz.net/showtopic-135589.html