[VIM] [Change Request] 21910: WebDB Search Module search Variable SQL Injection (fwd)
security curmudgeon
jericho at attrition.org
Tue Mar 7 16:39:16 EST 2006
---------- Forwarded message ----------
From: Lois Software
To: security curmudgeon <jericho at attrition.org>
Cc: moderators at osvdb.org
Date: Tue, 7 Mar 2006 21:34:48 -0000
Subject: RE: [OSVDB Mods] [Change Request] 21910: WebDB Search Module search Variable SQL Injection
Hi Brian

Yes ... everything happens on my server .... the WebDB code
resides on my server and each user has access to the common code. I also
host their front end web sites and their databases. Each client will have
their own database which stores all of their data and their settings for the
search, results and details pages. There will also be a separate connection
file for each user so the code will know which database to use.
So a search page for a client will just contain the following code:-
<!--#include file =..\..\dbsystem\connect-clientname.asp-->
<!--#include file =..\..\dbcode\search\search.asp-->
Some example sites include:-
[..]
I hope that helps!! .... if not, feel free to ask if you want any further
clarification
Best Wishes
Jerry