[VIM] HobSR SQL injection partially verified

Steven M. Christey coley at mitre.org
Tue Dec 6 01:44:35 EST 2005

I was able to verify the $arrange portion of the SQL injection in


$arrange can be injected directly into a mysql_query at line 47.

For $p, however: $p does not appear to be used in a query, but the
$pages variable is set as "$pages=$p-1" and later used in a
calculation, then in a DESC LIMIT clause, which might trigger an SQL
error - but I'm not sure.

- Steve
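As an added illustration (not HobSR's code and not part of Steve's post), the following constructed PHP snippet shows the defensive handling the two parameters above call for: `$arrange` is mapped through a whitelist of sortable columns before it can reach ORDER BY, and `$p` is cast to a bounded integer before it feeds `$pages` and the LIMIT clause. The table and column names, the `$link` connection and the per-page size are assumptions.

```php
<?php
// Added example, not HobSR's code. Table, column names and $link are assumed.

// Only these keys may select an ORDER BY column; the values are the real identifiers.
$allowedOrder = ['title' => 'title', 'date' => 'created', 'hits' => 'hits'];

function safeOrderColumn(string $arrange, array $allowed): string
{
    // An unknown $arrange falls back to a fixed default instead of reaching the query.
    return $allowed[$arrange] ?? $allowed['date'];
}

function safePageOffset($p, int $perPage = 20, int $maxPage = 10000): int
{
    // Cast and clamp: "$pages = $p - 1" on a non-numeric or negative $p would
    // otherwise hand LIMIT a value it never expects (zero, negative, or huge).
    $page = (int) $p;
    if ($page < 1) {
        $page = 1;
    }
    if ($page > $maxPage) {
        $page = $maxPage;
    }
    return ($page - 1) * $perPage;
}

$arrange = $_GET['arrange'] ?? 'date';
$p       = $_GET['p'] ?? 1;
$perPage = 20;

$orderBy = safeOrderColumn($arrange, $allowedOrder);
$offset  = safePageOffset($p, $perPage);

// ORDER BY identifiers and LIMIT counts cannot be bound as prepared-statement
// values, so the query is assembled only from the whitelisted identifier and
// the clamped integers; nothing from the request is interpolated as-is.
$sql = sprintf(
    'SELECT id, title FROM entries ORDER BY `%s` DESC LIMIT %d, %d',
    $orderBy,
    $offset,
    $perPage
);

// $link is an assumed mysqli connection (the mysql_* API used in 2005-era
// code was removed in PHP 7; the whitelist-and-clamp pattern is the same).
$result = mysqli_query($link, $sql);
```

The check on `$p` is the part that addresses Steve's open question: whatever the original code does with `$pages`, clamping the page number to a positive bounded integer before the subtraction means the LIMIT clause can never receive a non-numeric or negative operand, so the "might trigger an SQL error" path is closed regardless of how the calculation is written.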
