[VIM] HobSR SQL injection partially verified
Steven M. Christey
coley at mitre.org
Tue Dec 6 01:44:35 EST 2005
I was able to verify the $arrange portion of the SQL injection in
HobSR:
http://pridels.blogspot.com/2005/12/hobsr-sql-inj-vuln.html
$arrange can be injected directly into a mysql_query at line 47.
For $p, however: $p does not appear to be used in a query, but the
$pages variable is set as "$pages=$p-1" and later used in a
calculation, then in a DESC LIMIT clause, which might trigger an SQL
error - but I'm not sure.
- Steve
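The pattern Steve describes, as an added illustration rather than code from HobSR or from his message. The page does not show HobSR's source, so the query shape below is an assumption: $arrange is assumed to land in an ORDER BY clause of the mysql_query call at line 47, and $p to feed "$pages=$p-1" before a LIMIT clause. The table and column names, PER_PAGE and the function names are invented for the example. The query strings are returned rather than executed so the effect of each input is visible without a database.

```php
<?php
// Added example, not HobSR's own code. Reconstructs the shape described in the
// message as an assumption: $arrange concatenated into ORDER BY, $p turned into
// $pages = $p - 1 and then into a LIMIT offset.

const PER_PAGE = 10;   // invented page size

// Assumed vulnerable shape: $arrange is concatenated verbatim, so any SQL the
// client sends in it reaches the parser. $p goes through arithmetic first, so
// the LIMIT clause only ever sees a number: a numeric string gives the expected
// value, a leading-numeric string such as "2 UNION" is reduced to its numeric
// prefix (silently in PHP 5, with a notice/warning in PHP 7 and 8), and a fully
// non-numeric string is 0 in PHP 5 and 7 but a TypeError in PHP 8.
function build_query_unsafe(string $arrange, string $p): string
{
    $pages  = $p - 1;                 // string coerced to a number
    $offset = $pages * PER_PAGE;      // negative when $p is 0 or non-numeric
    return "SELECT id, title FROM reviews ORDER BY $arrange DESC LIMIT $offset, " . PER_PAGE;
}

// Hardened shape. ORDER BY identifiers cannot be bound as parameters, so the
// only fix for $arrange is a whitelist keyed by the client-supplied value.
// The page number is cast to int and clamped, so LIMIT receives a known-good
// integer regardless of what arrived in $p.
function build_query_safe(string $arrange, string $p): string
{
    $columns = [                      // invented whitelist: request key => column
        'title'  => 'title',
        'date'   => 'created_at',
        'rating' => 'rating',
    ];
    $col    = $columns[$arrange] ?? 'created_at';   // unknown key -> default column
    $page   = max(1, (int) $p);                      // "abc" -> 0 -> 1, "2 UNION" -> 2
    $offset = ($page - 1) * PER_PAGE;
    return sprintf('SELECT id, title FROM reviews ORDER BY %s DESC LIMIT %d, %d',
                   $col, $offset, PER_PAGE);
}

// Same idea with a prepared statement: the column still comes from the
// whitelist, the LIMIT values are bound as integers. $db is a live mysqli
// connection supplied by the caller (assumed; none is opened here).
function fetch_page_prepared(mysqli $db, string $arrange, string $p): array
{
    $columns = ['title' => 'title', 'date' => 'created_at', 'rating' => 'rating'];
    $col     = $columns[$arrange] ?? 'created_at';
    $page    = max(1, (int) $p);
    $offset  = ($page - 1) * PER_PAGE;
    $limit   = PER_PAGE;

    $stmt = $db->prepare("SELECT id, title FROM reviews ORDER BY $col DESC LIMIT ?, ?");
    $stmt->bind_param('ii', $offset, $limit);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Constructed inputs: a benign request and one where $arrange carries SQL.
foreach ([['rating', '2'], ['rating, (SELECT 1)', '2 UNION']] as [$arrange, $p]) {
    echo "arrange=" . var_export($arrange, true) . " p=" . var_export($p, true) . "\n";
    echo "  unsafe: " . build_query_unsafe($arrange, $p) . "\n";
    echo "  safe:   " . build_query_safe($arrange, $p) . "\n";
}
```

Run under PHP 7 or 8 the second iteration shows the two halves of the observation: the injected text in $arrange appears verbatim in the unsafe ORDER BY, while the unsafe LIMIT still reads "LIMIT 10, 10" because "2 UNION" - 1 evaluates to 1 (with a warning). The safe builder emits "ORDER BY created_at" for the unrecognised key and the same clamped LIMIT. Whether the original code triggers an SQL error on a non-numeric $p depends on the PHP version and on the exact arithmetic, which the page does not show.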