[VIM] [Change Request] 21910: WebDB Search Module search Variable SQL Injection (fwd)

security curmudgeon jericho at attrition.org
Tue Mar 7 16:39:16 EST 2006



---------- Forwarded message ----------
From: Lois Software
To: security curmudgeon <jericho at attrition.org>
Cc: moderators at osvdb.org
Date: Tue, 7 Mar 2006 21:34:48 -0000
Subject: RE: [OSVDB Mods] [Change Request] 21910: WebDB Search Module search
     Variable SQL Injection

Hi Brian

Yes ... everything happens on my server .... the WebDB code
resides on my server and each user has access to the common code. I also
host their front end web sites and their databases. Each client will have
their own database which stores all of their data and their settings for the
search, results and details pages. There will also be a separate connection
file for each user so the code will know which database to use.

So a search page for a client will just contain the following code:-

<!--#include file =..\..\dbsystem\connect-clientname.asp-->
<!--#include file =..\..\dbcode\search\search.asp-->

Some example sites include:-

[..]

I hope that helps!! .... if not, feel free to ask if you want any further
clarification

Best Wishes

Jerry









