[VIM] probably false: SchoolBoard (admin.php) SQL injection

Steven M. Christey coley at mitre.org
Fri May 11 15:48:14 UTC 2007


Researcher: iLker Kandemir
Ref: BUGTRAQ SchoolBoard (admin.php) Remote Login Bypass SQL Injection
     Vulnerability
     http://www.securityfocus.com/archive/1/archive/1/467486/100/0/threaded


1. The quoted source code doesn't show anything related to SQL
   queries, although they are used.

2. There's no 'username' ANYWHERE in the entire distribution.

3. "pass" and "password" are not used in any queries, at least in
   admin.php.  They are barely used at all in the entire distribution.


- Steve


More information about the VIM mailing list