Multiple remote vulnerabilities in DUware software

Vulnerability ID: 1108216
Vulnerability type: SQL injection
Published: 2004-10-11
Updated: 2005-10-20
CVE ID: CVE-2004-2201
CNNVD ID: CNNVD-200412-793
Platform: ASP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/24675
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-793
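|Vulnerability details
DUware DUforum versions 3.0 through 3.1 contain SQL injection vulnerabilities. A remote attacker can execute arbitrary SQL commands via (1) the FOR_ID parameter in messages.asp, (2) the MSG_ID parameter in messageDetail.asp, or (3) the password parameter in the login form.
|Exploit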
source: http://www.securityfocus.com/bid/11363/info
   
Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account.
   
DUclassmate may allow unauthorized remote attackers to gain access to a computer.
   
DUclassified is reported prone to multiple SQL injection vulnerabilities.
   
SQL injection issues also affect DUforum.
   
DUclassified and DUforum are also reported vulnerable to various unspecified HTML injection vulnerabilities.

http://www.example.com/DUforum/messageDetail.asp?MSG_ID=1;[SQL INJECT]
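
A defensive log check for the two URL parameters named above, as an added example that is not part of the original advisory or of DUforum's code: it scans IIS W3C log lines and flags requests to messages.asp or messageDetail.asp whose FOR_ID or MSG_ID is not a plain integer. It assumes both IDs are numeric in normal use; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Page -> parameter pairs named in the advisory (CVE-2004-2201).
WATCHED = {"messages.asp": "FOR_ID", "messagedetail.asp": "MSG_ID"}
# Assumption: both IDs are plain decimal integers in legitimate requests.
NUMERIC = re.compile(r"\d+")

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-10-12 08:01:13 192.0.2.10 GET /DUforum/messageDetail.asp MSG_ID=42 200
2004-10-12 08:01:20 192.0.2.77 GET /DUforum/messageDetail.asp MSG_ID=1;%5BSQL+INJECT%5D 500
2004-10-12 08:02:02 192.0.2.77 GET /DUforum/messages.asp FOR_ID=7+%5BSQL+INJECT%5D 500
2004-10-12 08:02:40 192.0.2.10 GET /DUforum/default.asp - 200
""".splitlines()

def flag_requests(log_lines):
    """Return (client_ip, page, param, decoded_value) for non-numeric IDs."""
    hits, fields = [], []
    for line in log_lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows below
            continue
        if line.startswith("#") or not line.strip():
            continue
        rec = dict(zip(fields, line.split()))
        page = rec.get("cs-uri-stem", "").rsplit("/", 1)[-1].lower()
        param = WATCHED.get(page)
        if param is None:
            continue
        # Split on "&" only: a ";" must stay inside the value, as in the
        # advisory's MSG_ID=1;[SQL INJECT] form.
        for pair in rec.get("cs-uri-query", "").split("&"):
            name, _, raw = pair.partition("=")
            if unquote_plus(name).upper() != param:  # ASP names ignore case
                continue
            value = unquote_plus(raw)
            if not NUMERIC.fullmatch(value):
                hits.append((rec.get("c-ip"), page, param, value))
    return hits

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

The login form's password parameter is not covered by this check, since form fields submitted by POST do not appear in cs-uri-query.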
|References

Source: XF
Name: duforum-sql-injection(17680)
Link: http://xforce.iss.net/xforce/xfdb/17680
Source: SECTRACK
Name: 1011595
Link: http://www.securitytracker.com/alerts/2004/Oct/1011595.html
Source: BID
Name: 11363
Link: http://www.securityfocus.com/bid/11363
Source: OSVDB
Name: 10666
Link: http://www.osvdb.org/10666
Source: OSVDB
Name: 10665
Link: http://www.osvdb.org/10665
Source: OSVDB
Name: 10664
Link: http://www.osvdb.org/10664