[VIM] probably false: SchoolBoard (admin.php) SQL injection
Steven M. Christey
coley at mitre.org
Fri May 11 15:48:14 UTC 2007
Researcher: iLker Kandemir
Ref: BUGTRAQ SchoolBoard (admin.php) Remote Login Bypass SQL Injection
Vulnerability
http://www.securityfocus.com/archive/1/archive/1/467486/100/0/threaded
1. The quoted source code doesn't show anything related to SQL
queries, although they are used.
2. There's no 'username' ANYWHERE in the entire distribution.
3. "pass" and "password" are not used in any queries, at least in
admin.php. They are barely used at all in the entire distribution.
- Steve
More information about the VIM
mailing list