https://www.exploit-db.com/exploits/24016
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200404-071

Phorum是一款基于WEB的论坛程序。Phorum没有充分过滤用户提交的输入，远程攻击者利用这个漏洞进行SQL注如入攻击，可获得敏感信息或破坏数据库。由于Phorum包含的脚本’include/userlogin.php’对’$user’参数缺少充分过滤，虽然程序使用了”Magicquotes”，但$phorum_uriauth使用”%2527″参数，后续的urldecode()操作就会解析成”‘”，因此提交恶意SQL命令给参数，可绕过原有数据库逻辑，获得敏感信息或者可以更改数据库操作。

source: http://www.securityfocus.com/bid/10173/info

Reportedly Phorum is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitized user supplied URI input.

This issue may allow a remote attacker to manipulate query logic, leading to unauthorized access to sensitive information such as the user password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

http://www.example.com/index.php?modname=saf&id=4

来源:BID
名称:10173
链接:http://www.securityfocus.com/bid/10173
来源:SECUNIA
名称:11407
链接:http://secunia.com/advisories/11407
来源:XF
名称:phorum-userlogin-sql-injection(15894)
链接:http://xforce.iss.net/xforce/xfdb/15894
来源:www.waraxe.us
链接:http://www.waraxe.us/index.php?modname=sa&id;=19
来源:BUGTRAQ
名称:20040419[waraxe-2004-SA#019-CriticalsqlinjectionbuginPhorum3.4.7]
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108239796512897&w;=2