[VIM] [Aria-Security Team] iNews News Manager SQL Injection

Steven M. Christey coley at linus.mitre.org
Tue Nov 28 14:03:44 EST 2006


It also appears that the affected product might be iNews Publisher; the
vendor's demo sites for News Manager don't use an articles.asp (at least
not from the main page), but Publisher does.


On Tue, 28 Nov 2006, security curmudgeon wrote:

>
> : #Method: SQL Injection
> : #
> : #PoC:
> : #http://target/path/articles.asp?ex=[XSS]
>
> Is this SQL Injection or Cross-Site Scripting (XSS)?
>


More information about the VIM mailing list