[VIM] ajann's XOOPS viewcat.php issues - site-specific or not?
George A. Theall
theall at tenablesecurity.com
Tue Apr 3 02:16:48 UTC 2007
On 04/02/07 21:22, Steven M. Christey wrote:
> ajann's been posting a ton of stuff to milw0rm using SQL injection in
> "viewcat.php" with a "cid" or similar parameter, theoretically dealing
> with multiple different modules. This looks like it might be a
> site-specific issue in http://www.xoops.pr.gov.br, anybody have any
> thoughts?
I think he's been looking through the various modules for Xoops much
like Xoron seems to be doing for PHP-Fusion and people did before for
Mambo / Joomla and phpBB. And while I haven't looked at all of the
modules, I did look at a couple of the more popular ones (Articles,
Debaser, and WF-Section) and verified that the flaws do exist. [These
do, though, involve different parameters and scripts than cid /
viewcat.php.]
George
--
theall at tenablesecurity.com