[VIM] RaceEventManagement <--v0.7.6 SQL injection & XSS (fwd)
security curmudgeon
jericho at attrition.org
Thu Jun 1 05:40:44 EDT 2006
This is ISS 26580, but while searching Google for "nennung.php" I found two
pages of results. The ISS entry, various bugtraq post references, and a
couple sites using a page with that name. One of them is this site which
is very suspicious given the subject of the post. I'm thinking this is
site specific.
http://www.race-event-management.de/rem/nennung.php?pid=1&id=153
---------- Forwarded message ----------
From: Mster-X at hotmail.com
To: bugtraq at securityfocus.com
Date: 20 May 2006 10:20:40 -0000
Subject: RaceEventManagement <--v0.7.6 SQL injection & XSS
============================
Discovery By: Mr-X
Site: www.alshmokh.com
E-mail: Mster-X at hotmail.com
===========================
Example:
/nennung.php?pid=[SQL]
/nennung.php?pid=[XSS]