[VIM] Claimed SQL injection in ArticleLive
Steven M. Christey
coley at mitre.org
Tue May 10 21:33:47 EDT 2005
FYI, Diabolic Crab's recent advisory on ArticleLive claims SQL
injection, but doesn't provide any clear examples:
A modified Query parameter to the search utility is given, and the
parameter starts with the "'" character, but the resulting error
message suggests straightforward "information-leak-on-error" without
any apparent relation to SQL injection.
I'll post a followup to Bugtraq to see what's up.
More information about the VIM