[VIM] vendor ACK for MGB Guestbook issue

Steven M. Christey coley at mitre.org
Thu Jan 18 18:55:43 EST 2007

Researcher: SlimTim10
Ref: http://www.milw0rm.com/exploits/3141

Today Jan 18, the vendor site is:


A google translation says: "18.01.2007 | MGB publishes SAFETY
UPDATE/SECURITY UPDATES...  the hacker attacks of yesterday forced me
briefly before the publication of the MGB 0,6 to it. The safety gap
over the hackers entrance created myself, I eliminated."

Previous posts have similar related discussion.

A diff between and was rather extensive, but review of
email.php shows:

>         $getid = htmlspecialchars(stripslashes(strip_tags(trim($_GET[id]))), ENT_QUOTES);
<          	$sql="SELECT email, name FROM $db[entrys] WHERE id=".$_GET[id]." ORDER BY ID DESC";
>          	$query = "SELECT email, name FROM $db[entrys] WHERE id='".$getid."' LIMIT 1";         	
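Review bot: the `>` line sanitizes `$getid` with HTML-output functions (strip_tags, htmlspecialchars with ENT_QUOTES), which are not SQL escaping; the new query is only protected because it now wraps `$getid` in single quotes and ENT_QUOTES rewrites `'` to `&#039;`, so any later edit that drops those quotes (as the removed `<` line did, concatenating `$_GET[id]` bare into `WHERE id=`) reopens the injection. Since id is a numeric key, the robust change is to validate it as an integer (`(int)$_GET['id']` or FILTER_VALIDATE_INT) or bind it as a prepared-statement parameter instead of building the string. Minor: `$_GET[id]` uses a bare-word key, which PHP treats as an undefined constant; it should be `$_GET['id']`.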

which is obviously intended to cleanse the id parameter from
email.php, although the use of htmlspecialchars in an SQL query seems
prone to error.
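As an added illustration (not MGB's code), the same email.php lookup rebuilt so the id never enters the SQL string; the table name is assumed to come from the same `$db['entrys']` setting, and the in-memory SQLite data is constructed for the demonstration:

```php
<?php
// Added example, not code from MGB Guestbook. Shows why the htmlspecialchars
// approach is fragile and what the lookup looks like with integer validation
// plus a bound parameter.

// htmlspecialchars/strip_tags encode for HTML output, not for SQL. In the
// patched query the value only stays harmless because it is wrapped in single
// quotes and ENT_QUOTES turns ' into &#039;. Without surrounding quotes (as in
// the original "id=".$_GET[id]) this function changes nothing relevant.
function naive_sanitize($raw): string
{
    return htmlspecialchars(stripslashes(strip_tags(trim($raw))), ENT_QUOTES);
}

// Hardened: id is numeric, so reject anything that is not a positive integer
// and bind it as a parameter. No user data is concatenated into the query.
function fetch_entry_email(PDO $pdo, string $table, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // invalid id: no query is executed at all
    }
    // $table comes from configuration, not the request; still restrict it to
    // an identifier shape rather than interpolating it blindly.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) {
        throw new InvalidArgumentException('bad table name in config');
    }
    $stmt = $pdo->prepare("SELECT email, name FROM `$table` WHERE id = :id LIMIT 1");
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE entrys (id INTEGER PRIMARY KEY, email TEXT, name TEXT)");
$pdo->exec("INSERT INTO entrys VALUES (1, 'alice@example.invalid', 'Alice')");

var_dump(fetch_entry_email($pdo, 'entrys', '1'));        // Alice's row
var_dump(fetch_entry_email($pdo, 'entrys', '1 OR 1=1')); // NULL: rejected before SQL
var_dump(naive_sanitize('1 OR 1=1'));                    // passes through unchanged
```

The last line is the point: with no quote character in the input, the original-style "cleansing" leaves it untouched, so correctness depends entirely on the query always quoting the value, whereas the integer check and bound parameter hold regardless of how the query is written.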

- Steve
