
[Repost] myPHP Forum v1 v2 v3

  Source: terencentanio enache btopenworld com

- Credits
- SMFDBPWNOCS
- Solution
- Contact

###
# Credits
###

Exploit discovered by Phoxpherus (Phorce), Phox (R&P), Terencentanio (Root32)

###
# SMFDBPWNOCS - Stupid Mofo Database Spamming When No One Can See
###

In short, forum.php and topic.php have no validation checks: neither script verifies that
the forum or topic id passed in the URL actually exists before acting on it. They are wide
open to do whatever you want.

Let's use the myphp.ws forums as an example. You go to their forums and click a forum category.
In the URL bar, you'll see "fid=n", where n is the topic number. Now, we can
change this to whatever we want. Let's say, "fid=999999999". Nothing will be displayed,
but we can still click the "new topic" link. By doing so, we can enter
a message into forum "999999999" ... but that forum doesn't even exist.

The same stands for topic.php. If you click a topic, you'll see "tid=n". We can again
change this to anything we want, say "999999999", and post replies.

This allows for spamming of a database, and no one can see it. Not tried, but you
may even be able to start your own forums up.

###
# Solution
###

The solution I have used is:

[PHP]
// Cast the request value to an integer so only a numeric id ever reaches the query
$jym = isset($_GET['fid']) ? (int) $_GET['fid'] : 0;
$lralg = "SELECT * FROM $db_forum WHERE fid = '$jym'";
$res = mysql_query($lralg);
$hu = mysql_num_rows($res);
// No matching row means the forum does not exist: send the user back and stop here,
// since header() alone does not end the script
if ($hu == 0)
{
    header("Location: index.php");
    exit;
}
[/PHP]

... in forum.php. You can add a variant to topic.php to patch the other hole.
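The check above is what both the forum.php and topic.php holes described earlier need. Below is an added example, not code from the advisory or from myPHP Forum itself, that turns the fix into one reusable guard for both scripts, binding the id as a prepared-statement parameter so the request value is never spliced into SQL text. It assumes a mysqli connection in `$db` and forum/topic tables named by the configuration variables `$db_forum` and `$db_topic`, with integer key columns `fid` and `tid`; the function names are hypothetical.

```php
<?php
// Added example: not the advisory's code and not myPHP Forum's own code.
// Assumed: $db is a connected mysqli object; $db_forum and $db_topic hold the
// table names from the forum configuration; keys are integer columns fid / tid.

/**
 * Return true if exactly one row in $table has $column equal to $rawId.
 * $table and $column come from configuration, never from the request; the id
 * is the only user-controlled value and is passed as a bound parameter.
 */
function rowExists(mysqli $db, $table, $column, $rawId)
{
    // Reject anything that is not a plain decimal number before it touches SQL.
    // A well-formed but bogus id such as the advisory's "999999999" passes this
    // test, reaches the query, and simply matches no row.
    if (!is_int($rawId) && !is_string($rawId)) {
        return false;
    }
    if (!ctype_digit((string) $rawId)) {
        return false;
    }
    $id = (int) $rawId;

    // Identifiers cannot be bound, so they are backtick-quoted here; they are
    // trusted configuration values, not request input.
    $sql = sprintf(
        'SELECT 1 FROM `%s` WHERE `%s` = ? LIMIT 1',
        str_replace('`', '``', $table),
        str_replace('`', '``', $column)
    );
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return false; // a failed prepare is treated as "not found"
    }
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->store_result();
    $found = ($stmt->num_rows === 1);
    $stmt->close();
    return $found;
}

/**
 * Page guard: if the id does not resolve to an existing row, bounce to
 * index.php and stop. The exit matters because header() on its own does not
 * end the script, so everything after it (including any INSERT) would still run.
 */
function requireExisting(mysqli $db, $table, $column, $rawId)
{
    if (!rowExists($db, $table, $column, $rawId)) {
        header('Location: index.php');
        exit;
    }
    return (int) $rawId;
}

// forum.php
$fid = requireExisting($db, $db_forum, 'fid', isset($_GET['fid']) ? $_GET['fid'] : '');

// topic.php
$tid = requireExisting($db, $db_topic, 'tid', isset($_GET['tid']) ? $_GET['tid'] : '');
```

The same guard belongs in whichever script actually performs the INSERT for a new topic or reply, not only in the pages that display a forum or topic: as the advisory shows, the display page rendering nothing does not stop a post from being submitted with a made-up id, so the existence check must run on the write path as well.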

###
# Contact
###

Email: terencentanio enache btopenworld com
MSN: al_bhed_brother microsoft com