[VIM] MkPortal <= 1.1.1 reviews / gallery modules SQL Injection Exploit
George A. Theall
theall at tenablesecurity.com
Fri Jul 13 02:20:18 UTC 2007
Milw0rm 4179 / BID 24891 seems like it's a subset of the issues covered
by BID 24886 /
<http://archives.neohapsis.com/archives/bugtraq/2007-07/0119.html>. That
is, the 'ind' parameter controls the module, 'op' controls the function,
and 'iden' is the specific input passed to the SQL queries.
Anyone else notice this?
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list