[VIM] Claimed SQL injection in ArticleLive
Steven M. Christey
coley at linus.mitre.org
Tue May 10 22:01:30 EDT 2005
On Tue, 10 May 2005, security curmudgeon wrote:
> : FYI, Diabolic Crab's recent advisory on ArticleLive claims SQL
> : injection, but doesn't provide any clear examples:
> : http://www.digitalparadox.org/advisories/inal.txt
> : http://marc.theaimsgroup.com/?l=bugtraq&m=111530871724865&w=2
> : A modified Query parameter to the search utility is given, and the
> : parameter starts with the "'" character, but the resulting error message
> : suggests straightforward "information-leak-on-error" without any
> : apparent relation to SQL injection.
> Very likely the case. If he can trigger *any* error with *any* vague SQL
> syntax or related words, he assumes it is an SQL injection.
If it generates an SQL-related error then that should be enough to label
it SQL injection - although conditions might render it non-exploitable.
But you aren't always even given the error message. This is in the
general case, not just Diabolic Crab's.
Unfortunately, the lack of solid diagnosis is a common researcher error.
More information about the VIM