[VIM] Bugtraq Ids 37702 vs 43591
rkeith
rkeith at securityfocus.com
Thu Sep 30 14:49:57 CDT 2010
Hey George,
We concur with this, and will be retiring 43591 shortly.
Cheers,
Rob
George A. Theall wrote:
> The newly-created Bugtraq Id 43591 covers a SQL injection in a product
> named MyPhpAuction -- apparently user-input to the 'id' parameter of the
> 'product_desc.php' is not sanitized before being used in a database
> query. SecurityFocus gives as a PoC:
>
>
> http://www.example.com/product_desc.php?id=-5+union+all+select+1,2,concat(admin_name,0x3a,pwd),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35+from+zeeauctions_admin--
>
>
> Notice the "zeeauctions_admin"? Looks like the product is just a
> rebranded version of that, no? And indeed, if you go to the product page
> (http://galaxyscriptz.com/products/MyPhpAuction-2010.html), you'll
> notice the demo links to
> http://www.canadianelitehosting.com/Demos/ZeeAuctions/, which appears to
> be that based on its banner.
>
> Given this, the BID seems to be a dup of BID 37702, which gives as a PoC:
>
>
> http://www.example.com/auction/product_desc.php?id=-1/**/union/**/select/**/1,2,concat%28admin_name,0x3a3a3a,pwd%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35+from+zeeauctions_adm
>
>
> I'm not clear about the attribution, but this seems to correspond to EDB
> Id 11047 although it's been truncated (cut-and-paste error?).
>
> Taking this into consideration, these two BIDs seem to be duplicates.
> Rob, did you guys at SecurityFocus look into this at all?
>
>
> George
More information about the VIM
mailing list