https://www.exploit-db.com/exploits/24698
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200410-085

UBBThreads是一款基于PHP的论坛程序。UBBThreadsdosearch.php脚本对用户提交的输入缺少充分过滤，远程攻击者可以利用这个漏洞进行SQL注入攻击，可能获得敏感信息。dosearch.php不正确过滤用户提交给’name’参数的数据，远程攻击者提供恶意SQL命令作为参数数据，可更改原有SQL逻辑，获得敏感信息。

source: http://www.securityfocus.com/bid/11502/info

It is reported that UBBCentral UBB.threads is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly validate user supplied URI input.

Because of this, a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database.

www.example.com/dosearch.php?Name=' OR U_Password='db5c82346d770f48bdd8929094c0c695 
OR 
www.example.com/dosearch.php?Name=' OR U_Password='db5c82346d770f48bdd8929094c0c695'/*

来源:XF
名称:ubbthreads-sql-injection(17821)
链接:http://xforce.iss.net/xforce/xfdb/17821
来源:BID
名称:11502
链接:http://www.securityfocus.com/bid/11502
来源:BUGTRAQ
名称:20041021SQLInjectioninUBB.threads3.4.x
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=109839925207038&w;=2