[VIM] Verified PHP-addressbook view.php/id SQL injection

Steven M. Christey coley at mitre.org
Sun Dec 11 03:21:11 EST 2005

Verified the above issue via source code inspection.

$id variable is injected directly into SQL; include files do not
define it.  See source extract below.

Other issues are highly likely.

- Steve


include ("include/header.inc.php");

include ("include/dbconnect.php");

if ($id) {

   $result = mysql_query("SELECT * FROM $table WHERE id=$id",$db);

More information about the VIM mailing list