[VIM] EV0074 BirthSys 3.1 SQL injection (fwd)
security curmudgeon
jericho at attrition.org
Sat Feb 18 20:35:12 EST 2006
Sorry Steven, I thought I had sent this to the list. I have 23186 (covers
date.php) locked until I see what other databases do. If enough keep
entries, I will keep it and myth/fake flag it.
---------- Forwarded message ----------
From: Josh Zlatin <jzlatin at ramat.cc>
To: jericho at attrition.org
Date: Wed, 15 Feb 2006 09:32:14 -0500 (EST)
Subject: Re: EV0074 BirthSys 3.1 SQL injection (fwd)
Well I guess you can remove osvdb #23186.
--
- Josh
---------- Forwarded message ----------
Date: Wed, 15 Feb 2006 16:30:24 +0300
From: Support - eVuln.com <support at evuln.com>
To: Josh Zlatin <jzlatin at ramat.cc>
Subject: Re: EV0074 BirthSys 3.1 SQL injection
You are right.
SQL Injection exists only in "show.php"
date.php is not vulnerable.
Thanks!
Aliaksandr Hartsuyeu
http://evuln.com
> I wanted to clarify the SQL injection in the data.php3 file in BirthSys
> 3.1 that you reported. I was unable to recreate the SQL injection via
> either the 'date' or 'month' variables as both of those are set in the
> date.php3 code itself:
>
> Quoted from BirthSys data.php3:
> $date = date( "d" );
> $month=("$monthName[$currentMonth]");
>
> The only SQL query in that script is:
> $result = mysql_query("SELECT * FROM birthsys WHERE month= $month AND
> day= $date");
>
> so am I missing something or is this a mistake?
>
> Thanks,
>
> --
> - Josh
>
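
The triage check described in the quoted message, as an added Python example that is not part of the original thread and is not BirthSys code: for each variable interpolated into a `mysql_query()` string, it reports whether the last assignment before the query comes from the script itself, from request data, or is missing. The function name `classify_query_vars` and the second sample are constructed for illustration; the first sample is the snippet quoted above.

```python
import re

# PHP sources of request data (superglobals and the older HTTP_*_VARS arrays).
REQUEST_SOURCES = re.compile(r'\$_(GET|POST|REQUEST|COOKIE)\b|\$HTTP_(GET|POST)_VARS\b')
ASSIGN = re.compile(r'\$(\w+)\s*=(?!=)\s*(.*?);', re.S)   # $name = <rhs>;
QUERY = re.compile(r'mysql_query\s*\(\s*"(.*?)"', re.S)   # double-quoted SQL string
VAR = re.compile(r'\$(\w+)')

def classify_query_vars(php_source):
    """Map each variable interpolated into a mysql_query() string to
    'local', 'request' or 'unassigned', based on the last assignment
    that textually precedes the query.

    Limitation: only the direct assignment is inspected. The right-hand
    side is not followed further (e.g. $currentMonth in the first sample),
    and control flow is ignored, so 'local' means "look here first",
    not "proven safe".
    """
    findings = {}
    for q in QUERY.finditer(php_source):
        before = php_source[:q.start()]
        for name in VAR.findall(q.group(1)):
            status = "unassigned"   # with register_globals on, may come from the request
            for a in ASSIGN.finditer(before):
                if a.group(1) == name:
                    status = "request" if REQUEST_SOURCES.search(a.group(2)) else "local"
            findings[name] = status
    return findings

# Snippet quoted in the message above (query joined onto one line).
DATE_PHP = '''
$date = date( "d" );
$month=("$monthName[$currentMonth]");
$result = mysql_query("SELECT * FROM birthsys WHERE month= $month AND day= $date");
'''

# Constructed counterexample (NOT taken from BirthSys): value read from the request.
SAMPLE_REQUEST = '''
$id = $_GET["id"];
$result = mysql_query("SELECT * FROM birthsys WHERE id= $id");
'''

if __name__ == "__main__":
    print(classify_query_vars(DATE_PHP))        # both variables assigned in the script
    print(classify_query_vars(SAMPLE_REQUEST))  # variable taken from request data
```
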