[VIM] Claimed SQL injection in ArticleLive
jericho at attrition.org
Tue May 10 21:49:40 EDT 2005
: FYI, Diabolic Crab's recent advisory on ArticleLive claims SQL
: injection, but doesn't provide any clear examples:
: A modified Query parameter to the search utility is given, and the
: parameter starts with the "'" character, but the resulting error message
: suggests straightforward "information-leak-on-error" without any
: apparent relation to SQL injection.
Very likely the case. If he can trigger *any* error with *any* vague SQL
syntax or related words, he assumes it is an SQL injection.