[VIM] EV0074 BirthSys 3.1 SQL injection (fwd)
security curmudgeon
jericho at attrition.org
Wed Feb 15 08:48:38 EST 2006
One of our manglers discovered a small error in a recent evuln.com
disclosure. Apparently 'date.php' is really 'date.php3'. I encouraged him
to contact evuln.com with this information.
---------- Forwarded message ----------
From: Josh Zlatin
To: support at evuln.com
Date: Wed, 15 Feb 2006 08:50:10 -0500 (EST)
Subject: EV0074 BirthSys 3.1 SQL injection
I wanted to clarify the SQL injection in the data.php3 file in BirthSys
3.1 that you reported. I was unable to recreate the SQL injection via
either the 'date' or 'month' variables as both are those are set in the
date.php3 code itself:
Quoted from BirthSys data.php3:
$date = date( "d" );
$month=("$monthName[$currentMonth]");
The only SQL query in that script is:
$result = mysql_query("SELECT * FROM birthsys WHERE month= $month AND day=
$date");
so am I missing something or is this a mistake?
Thanks,
--
- Josh
More information about the VIM
mailing list