[VIM] possible rediscovery - Pay Roll Time Sheet & Punch Card SQL injection

Steven M. Christey coley at linus.mitre.org
Thu Nov 4 11:53:39 CDT 2010


Refs:
EXPLOIT-DB:15396
BID:44609
SECUNIA:42096

The "Password" parameter to login.asp, as stated in SECUNIA:42096, appears 
to be the same vector as CVE-2007-4106, whose references are:

BID:25114
SECUNIA:26275


CVE-2007-4106 uses "CodeWidgets" as the vendor name (more like the web 
site name), and the current discovery uses Comrie Software (which appears 
to be the appropriate vendor name).

These aren't exactly the same, though, since SECUNIA:42096 mentions an 
EmployeeNumber parameter, which is not covered by Aria-Security in 
CVE-2007-4106, and not explicitly stated by L0rd CrusAd3r in 
EXPLOIT-DB:15396.  In addition, the older SECUNIA:26275 does not 
specifically mention POST for the Password parameter, where the newer 
SECUNIA:42096 does.

- Steve


More information about the VIM mailing list