[VIM] CVE-2008-6157 / Milw0rm 7613
lyger
lyger at attrition.org
Fri Feb 20 06:28:33 UTC 2009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-6157
SepCity Classified Ads stores the admin password in cleartext in
data/classifieds.mdb, which allows context-dependent attackers to obtain
sensitive information.
http://milw0rm.com/exploits/7613
I'm not seeing a reference to *.mdb in the milw0rm exploit page, but it's
the only reference listed in the CVE, which pertains to information
disclosure and not SQLi. Can anyone clarify?
More information about the VIM
mailing list