[VIM] Claimed SQL injection in ArticleLive

Steven M. Christey coley at linus.mitre.org
Tue May 10 22:07:13 EDT 2005

On Tue, 10 May 2005, security curmudgeon wrote:

> Right. They assume that since it errors out, it is an SQL injection and
> exploitable.

I strongly suspect that a number of claimed XSS issues in PHP applications
are really XSS-style inputs being reflected back to the user in error
messages as generated by the PHP interpreter, but alas I can't *prove* it
yet ;-)

- Steve

More information about the VIM mailing list