[VIM] CVE source verify: The Web Drivers Forum SQL injection
Steven M. Christey
coley at mitre.org
Wed Nov 8 15:08:03 EST 2006
Researcher: Bl0od3r
Ref: http://www.milw0rm.com/exploits/2722
Downloaded the specified file on 20061108. Product does not appear to
have a version. Most files are dated 20060318, including
message_details.php.
from message_details.php:
<? include("conn.php");
$ms_sql="select * from tbl_forum where forum_id=". $_GET['id'];
$query_res=mysql_query($ms_sql);
conn.php only connects to the database; $_GET is untouched there.
Also: note spelling of the vendor name, which is called "Webdrivers"
in the milw0rm post. This was verified in the readme.txt in the forum
distribution, plus the vendor's front page.
- Steve
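The quoted line from message_details.php builds the query by string concatenation with an untouched $_GET['id'], which is the whole of the injection. The following added example (written for this note, not code from the Web Drivers Forum distribution or the milw0rm post) reproduces that pattern against a constructed in-memory SQLite stand-in for tbl_forum and places the parameterised form beside it. The table columns other than forum_id, the sample rows and the function names are assumptions made for the demonstration.

```python
import sqlite3


def setup_db():
    # Constructed stand-in for the product's tbl_forum; only forum_id is
    # taken from the quoted source, the remaining columns and rows are assumed.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tbl_forum (forum_id INTEGER PRIMARY KEY, title TEXT, body TEXT)"
    )
    conn.executemany(
        "INSERT INTO tbl_forum VALUES (?, ?, ?)",
        [
            (1, "Welcome", "first post"),
            (2, "Rules", "be nice"),
            (3, "Private", "should not be reachable by guessing ids"),
        ],
    )
    return conn


def vulnerable_lookup(conn, user_id):
    # Mirrors message_details.php: the raw request parameter is pasted into
    # the SQL text, so whatever the client sends becomes part of the query.
    ms_sql = "select * from tbl_forum where forum_id=" + user_id
    return conn.execute(ms_sql).fetchall()


def safe_lookup(conn, user_id):
    # Hardened form: reject anything that is not a plain integer, then bind
    # the value as a parameter so the driver never interprets it as SQL.
    if not user_id.isdigit():
        raise ValueError("id must be a non-negative integer")
    ms_sql = "select * from tbl_forum where forum_id=?"
    return conn.execute(ms_sql, (int(user_id),)).fetchall()


def row_count(lookup, user_id):
    # Helper for comparing the two lookups on the same input.
    conn = setup_db()
    try:
        return len(lookup(conn, user_id))
    finally:
        conn.close()


if __name__ == "__main__":
    # A normal request returns one row from either lookup; the injected
    # "1 OR 1=1" turns the WHERE clause into a tautology for the vulnerable one.
    print("vulnerable, id=1        ->", row_count(vulnerable_lookup, "1"))
    print("vulnerable, id=1 OR 1=1 ->", row_count(vulnerable_lookup, "1 OR 1=1"))
    print("safe,       id=1        ->", row_count(safe_lookup, "1"))
    try:
        row_count(safe_lookup, "1 OR 1=1")
    except ValueError as e:
        print("safe,       id=1 OR 1=1 -> rejected:", e)
```

The vulnerable function is the PHP line transliterated; the only difference in the fixed version is that the id is checked and bound rather than concatenated. The same payload against the real product would also be able to append a UNION or subquery, which is why the check on the input type matters as much as the parameter binding.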