[VIM] Rediscovery: Flexphpnews news.php/newsid SQL injection

Steven M. Christey coley at mitre.org
Wed Apr 11 22:13:08 UTC 2007


Researcher: Dj7xpl
Ref: http://www.milw0rm.com/exploits/3631

Rediscovery of CVE-2005-1237 - same vectors (newsid param and
news.php), same bug type.

Also: verified by source inspection by one of our team members.
news.php has 'require("./NewsSql.inc.php");' and '$result =
$db->getnewsbyid($newsid);'.  NewsSql.inc.php has function
getnewsbyid($newsid) ... $sql = "select * from news where
newsid='$newsid'"; ... $result = $this->select($sql);.


- Steve
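
The query pattern quoted above, next to a parameterized version, as an added example that is not part of the original post or of Flexphpnews. The NewsDb class, the in-memory SQLite database reached through PDO, the two-column schema and the sample rows are assumptions made so the block runs on its own; only the interpolated query string comes from the post.

```php
<?php
// Added example, not Flexphpnews code. NewsDb, the PDO/SQLite backend and the
// schema are hypothetical; only the query text in getnewsbyid_original() is
// taken from the post.
class NewsDb
{
    private PDO $pdo;

    public function __construct()
    {
        $this->pdo = new PDO('sqlite::memory:');
        $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->pdo->exec('CREATE TABLE news (newsid INTEGER PRIMARY KEY, title TEXT)');
        // Constructed sample rows.
        $this->pdo->exec("INSERT INTO news VALUES (1, 'first'), (2, 'second'), (3, 'third')");
    }

    // Pattern quoted in the post: the request value is interpolated into the SQL text.
    public function getnewsbyid_original($newsid): array
    {
        $sql = "select * from news where newsid='$newsid'";
        return $this->pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
    }

    // Hardened: accept only a positive integer, then bind it as a parameter.
    public function getnewsbyid_fixed($newsid): array
    {
        $id = filter_var($newsid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            return [];   // anything that is not a plain positive integer is rejected
        }
        $stmt = $this->pdo->prepare('select * from news where newsid = :newsid');
        $stmt->bindValue(':newsid', $id, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

$db = new NewsDb();
// Constructed inputs: a normal id and a value containing a quote character.
foreach (['2', "2' OR '1'='1"] as $newsid) {
    printf("%-16s original=%d row(s) fixed=%d row(s)\n",
        $newsid,
        count($db->getnewsbyid_original($newsid)),
        count($db->getnewsbyid_fixed($newsid)));
}
```

The row counts for the second input show the difference: the interpolated query treats the quote as SQL syntax, while the bound version never lets the value reach the statement text.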

