[VIM] SQL Injections in phpwebsite

George A. Theall theall at tenablesecurity.com
Wed Mar 22 20:09:32 EST 2006


security curmudgeon wrote:

> : The first issue does seem to be new, but the second appears to be the 
> : same as that covered by CVE-2002-2178 / OSVDB 3850 and announced here:
> : 
> :   http://archives.neohapsis.com/archives/bugtraq/2002-10/0029.html
> 
> OSVDB 3850 covers "article.php HTML IMG tags XSS", not an SQL injection. 
> Currently, none of our entries cover an SQL injection in friend.php or 
> article.php. CVE 2002-2178 covers article.php sid variable injection, 
> but uses it as an example for the IMG tag XSS.

I understand, but what I was getting at is whether the issue with
article.php was mis-classified as a cross-site scripting flaw rather
than a SQL injection. Given that a mysql syntax error will echo the
query if PHP's display_errors setting is enabled, the person behind the
report at

  http://archives.neohapsis.com/archives/bugtraq/2002-10/0029.html

may have blindly been attacking phpwebsite and missed the true nature of
this particular problem.

Is there another vector of attack for the IMG tags XSS affecting
phpwebsite? The ECHU advisory posted to fd only says that phpwebsite is
affected but doesn't specify exactly how.

George
--
theall at tenablesecurity.com

