[VIM] The disappearing iPostMX 2005 SQL injection issue
Steven M. Christey
coley at mitre.org
Mon Jun 19 16:55:49 EDT 2006
References:
XF:ipost-forum-sql-injection(27144)
http://xforce.iss.net/xforce/xfdb/27144
claimed source:
http://pridels.blogspot.com/2006/06/ipostmx-2005-vuln.html
Both ISS and one of CVE's analysts reported on an SQL injection
involving the forum parameter in messagepost.cfm and topic parameter
in topics.cfm, with the r0t advisory as a reference, but that detail
is no longer included in that reference as of 20060619. Maybe this
was a site-specific problem, I don't know. The pridels site at the
moment seems to be having some linking/presentation issues, so I can't
investigate further.
- Steve
More information about the VIM
mailing list