https://www.exploit-db.com/exploits/26176
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200508-235

WoltLabBurningBoard是一款可自定义的论坛程序。WoltLabBurningBoard中存在SQL注入漏洞，远程攻击者可以利用这个漏洞通过modcp.php执行恶意的SQL代码。起因是没有正确的过滤用户输入。但是，如果要利用这个漏洞攻击者必需能够访问modcp.php。

source: http://www.securityfocus.com/bid/14617/info

Woltlab Burning Board is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

It should be noted an attacker must have moderator credentials to access the vulnerable script. 

http://www.example.com/modcp.php?action=post_del&x='SQL_CODE_HERE
http://www.example.com/modcp.php?action=post_del&x=6&y='SQL_CODE_HERE

来源:SECTRACK
名称:1014746
链接:http://securitytracker.com/id?1014746
来源:BID
名称:14617
链接:http://www.securityfocus.com/bid/14617