[VIM] Grafitti Forums 1.0 Remote SQL Injection/HTML Injection Vulnerabilities

str0ke str0ke at milw0rm.com
Mon Sep 15 05:11:15 UTC 2008


George,

Vendor url: http://www.bluedojo.com/graffiti.php

Ya its a dupe.

George A. Theall wrote:
> Anyone know which product milw0rm 6429 supposedly covers? SirGod
> doesn't mention a vendor, nor does the corresponding Bugtraq ID (31130).
>
> Apart from a slight difference in the spelling of the product, the SQL
> injection issue involving the 'f' parameter to 'topics.php' seems to
> be a rehash of a discovery made by Paisterist back in 2006:
>
>   http://archives.neohapsis.com/archives/bugtraq/2006-07/0102.html
>
> and covered by Bugtraq 18928.
>
> George


More information about the VIM mailing list