[VIM] bttlxeForum infoleak - SQL injection instead? (fwd)

Steven M. Christey coley at linus.mitre.org
Fri May 13 23:07:25 EDT 2005

Inquiry sent to researcher - possible mis-diagnosis.

---------- Forwarded message ----------
Date: Fri, 13 May 2005 23:06:49 -0400 (EDT)
From: Steven M. Christey <coley at mitre.org>
To: deadlink at elitemail.org
Cc: coley at mitre.org
Subject: bttlxeForum infoleak - SQL injection instead?


I saw your recent bttlxeForum post on SecurityTracker:


You say there's a full-path information leak after providing a
hex-encoded value to the page parameter, but you also show the
following portion of the error message:

  The SELECT statement includes a reserved word or an argument name
  that is misspelled or missing, or the punctuation is incorrect.

This suggests - but does not prove - that bttlxeForum might have
constructed all or part of a SQL query with input from the topic
parameter - your hex-encoded input - which would then suggest SQL

Have you been able to confirm if the real underlying problem is, in
fact, SQL injection?

Steve Christey
CVE Editor
