[VIM] Claimed SQL injection in ArticleLive
Steven M. Christey
coley at linus.mitre.org
Tue May 10 22:07:13 EDT 2005
On Tue, 10 May 2005, security curmudgeon wrote:
> Right. They assume that since it errors out, it is an SQL injection and
> exploitable.
I strongly suspect that a number of claimed XSS issues in PHP applications
are really XSS-style inputs being reflected back to the user in error
messages as generated by the PHP interpreter, but alas I can't *prove* it
yet ;-)
- Steve