[VIM] Rediscovery: Flexphpnews news.php/newsid SQL injection
Steven M. Christey
coley at mitre.org
Wed Apr 11 22:13:08 UTC 2007
Researcher: Dj7xpl
Ref: http://www.milw0rm.com/exploits/3631
Rediscovery of CVE-2005-1237 - same vectors (newsid param and
news.php), same bug type.
Also: verified by source inspection by one of our team members.
news.php has 'require("./NewsSql.inc.php");' and '$result =
$db->getnewsbyid($newsid);'. NewsSql.inc.php has function
getnewsbyid($newsid) ... $sql = "select * from news where
newsid='$newsid'"; ... $result = $this->select($sql);.
- Steve
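
The pattern quoted in the message, next to a bound-parameter version, as an added example that is not part of the original post or the Flexphpnews source. The in-memory SQLite database (needs the pdo_sqlite extension), the `title` column, the sample rows and the `_concat`/`_bound` function names are assumptions for illustration.

```php
<?php
// Added example: constructed schema and data, not Flexphpnews code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE news (newsid INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO news (newsid, title) VALUES (1, 'First'), (2, 'Second')");

// Same shape as the statement quoted in the message: the request value is
// pasted between the quotes, so a quote in $newsid changes the statement.
function getnewsbyid_concat(PDO $db, $newsid): array
{
    $sql = "select * from news where newsid='$newsid'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: reject anything that is not a positive integer, then pass
// the value as a bound parameter so it is never parsed as SQL text.
function getnewsbyid_bound(PDO $db, $newsid): array
{
    $id = filter_var($newsid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];
    }
    $stmt = $db->prepare('select * from news where newsid = :newsid');
    $stmt->bindValue(':newsid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id, and an id carrying a stray quote.
foreach (['1', "1'"] as $input) {
    $shown = var_export($input, true);
    try {
        $rows = count(getnewsbyid_concat($db, $input));
        echo "concat input=$shown rows=$rows\n";
    } catch (PDOException $e) {
        // The quote closed the string literal early and the parser saw it.
        echo "concat input=$shown SQL error: input reached the SQL parser\n";
    }
    echo "bound  input=$shown rows=" . count(getnewsbyid_bound($db, $input)) . "\n";
}
```

A parser error on the stray quote is the same signal source inspection gives: the parameter is interpreted as SQL rather than as data.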