[VIM] Claimed SQL injection in ArticleLive
Steven M. Christey
coley at mitre.org
Tue May 10 21:33:47 EDT 2005
FYI, Diabolic Crab's recent advisory on ArticleLive claims SQL
injection, but doesn't provide any clear examples:
http://www.digitalparadox.org/advisories/inal.txt
http://marc.theaimsgroup.com/?l=bugtraq&m=111530871724865&w=2
A modified Query parameter to the search utility is given, and the
parameter starts with the "'" character, but the resulting error
message suggests straightforward "information-leak-on-error" without
any apparent relation to SQL injection.
I'll post a followup to Bugtraq to see what's up.
- Steve
More information about the VIM
mailing list