[VIM] bttlxeForum infoleak - SQL injection instead? (fwd)

Steven M. Christey coley at linus.mitre.org
Fri May 13 23:07:25 EDT 2005


Inquiry sent to researcher - possible mis-diagnosis.

---------- Forwarded message ----------
Date: Fri, 13 May 2005 23:06:49 -0400 (EDT)
From: Steven M. Christey <coley at mitre.org>
To: deadlink at elitemail.org
Cc: coley at mitre.org
Subject: bttlxeForum infoleak - SQL injection instead?


ComSec,

I saw your recent bttlxeForum post on SecurityTracker:

  http://securitytracker.com/id?1013934

You say there's a full-path information leak after providing a
hex-encoded value to the page parameter, but you also show the
following portion of the error message:

  The SELECT statement includes a reserved word or an argument name
  that is misspelled or missing, or the punctuation is incorrect.

This suggests - but does not prove - that bttlxeForum might have
constructed all or part of a SQL query with input from the topic
parameter - your hex-encoded input - which would then suggest SQL
injection.

Have you been able to confirm if the real underlying problem is, in
fact, SQL injection?


Thanks,
Steve Christey
CVE Editor

