[VIM] Claimed SQL injection in ArticleLive

Steven M. Christey coley at mitre.org
Tue May 10 21:33:47 EDT 2005

FYI, Diabolic Crab's recent advisory on ArticleLive claims SQL
injection, but doesn't provide any clear examples:


A modified Query parameter to the search utility is given, and the
parameter starts with the "'" character, but the resulting error
message suggests straightforward "information-leak-on-error" without
any apparent relation to SQL injection.

I'll post a followup to Bugtraq to see what's up.

- Steve

More information about the VIM mailing list