https://www.exploit-db.com/exploits/23774
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200411-080

YABBSE是一款基于PHP/MySQL的论坛程序。YABBSE由于不正确的输入验证，远程攻击者可以利用这些漏洞进行SQL注入和目录遍历攻击。SQL注入漏洞存在于ModifyMessage函数中，由于对$msg参数没有进行任何输入检查，因此可造成SQL注入攻击。造成敏感信息泄露和数据库信息删除。目录遍历攻击是由于ModifyMessage函数没有对用户提交给$attachOld参数包含”../”字符的数据缺少过滤，攻击者可能以WEB进程权限查看系统任意文件内容。

source: http://www.securityfocus.com/bid/9774/info

It has been reported that YaBB SE may be prone to multiple vulnerabilities due to improper input validation. The issues may allow an attacker to carry out SQL injection and directory traversal attacks. Successful exploitation of these issues may allow an attacker to gain access to sensitive information that may be used to mount further attacks against a vulnerable system. The SQL injection vulnerabilities can be exploited to gain access to user authentication credentials and corrupt user information in the underlying database.

YaBB SE versions 1.5.4, 1.5.5, and 1.5.5b are reported to be affected by these issues, however it is possible that other versions are vulnerable as well.

http://www.example.com/forum/index.php?board=1;action=modify2;msg=2;threadid=2;start=0;sesc=aae1f7d45d5e54c853e9e2314fb982a1;subject=hola;message=hola;waction=deletemodify;posti
d=1+or+1=1+ORDER+BY+ID_MSG+DESC/*

来源:BID
名称:9774
链接:http://www.securityfocus.com/bid/9774
来源:BUGTRAQ
名称:20040301YabbSE(3on1)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107816202813083&w;=2