[VIM] Flax Article Manager SQL injection explanation
Steven M. Christey
coley at linus.mitre.org
Mon Jun 1 17:43:26 UTC 2009
http://www.milw0rm.com/exploits/8800
This is labeled as SQL injection but the cookie is merely being set to
some URL-encoded value ",21232f297a57a5a743894a0e4a801fc3", then the "2/"
portion of the exploit implies that you effectively need to know the ID
and password already. Anybody know what's going on here? (BTW the
product link is at http://www.flaxweb.com/products/articles)
- Steve