[VIM] Flax Article Manager SQL injection explanation

str0ke str0ke at milw0rm.com
Mon Jun 1 18:04:05 UTC 2009

Its bunk, throwing it into null vill.

Steven M. Christey wrote:
> http://www.milw0rm.com/exploits/8800
> This is labeled as SQL injection but the cookie is merely being set to
> some URL-encoded value ",21232f297a57a5a743894a0e4a801fc3", then the "2/"
> portion of the exploit implies that you effectively need to know the ID
> and password already.  Anybody know what's going on here?  (BTW the
> product link is at http://www.flaxweb.com/products/articles)
> - Steve

More information about the VIM mailing list