https://www.exploit-db.com/exploits/25870
https://www.securityfocus.com/bid/89133
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200506-201

DUwareDUforum3.1，可能还包括其它版本，存在多个SQL注入漏洞，远程攻击者可借助：(1)提交到messages.asp的iMsg参数，(2)到post.asp或(3)到forums.asp的iFor参数，或(4)到userEdit.asp的id参数，来执行任意SQL指令。注：据更新报道，向量1和向量3会影响3.0版本。

source: http://www.securityfocus.com/bid/14035/info
  
DUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
  
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. 

http://www.example.com/DUforum/forums.asp?iFor=[SQL Inject]

DUWare DUforum 3.1

来源:XF
名称:duforum-messages-forums-sql-injection(30668)
链接:http://xforce.iss.net/xforce/xfdb/30668
来源:BUGTRAQ
名称:20061202[Aria-SecurityTeam]DuWareDuForumSQLInjectionVuln
链接:http://www.securityfocus.com/archive/1/archive/1/453330/100/0/threaded
来源:BUGTRAQ
名称:20050622[ECHO_ADV_19$2005]MultipleSQLINJECTIONinDUWAREProducts
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111945219205114&w;=2
来源:MISC
链接:http://echo.or.id/adv/adv19-theday-2005.txt