[VIM] bttlxeForum infoleak - SQL injection instead? (fwd)
Steven M. Christey
coley at linus.mitre.org
Fri May 13 23:07:25 EDT 2005
Inquiry sent to researcher - possible mis-diagnosis.
---------- Forwarded message ----------
Date: Fri, 13 May 2005 23:06:49 -0400 (EDT)
From: Steven M. Christey <coley at mitre.org>
To: deadlink at elitemail.org
Cc: coley at mitre.org
Subject: bttlxeForum infoleak - SQL injection instead?

I saw your recent bttlxeForum post on SecurityTracker:

You say there's a full-path information leak after providing a
hex-encoded value to the page parameter, but you also show the
following portion of the error message:

  The SELECT statement includes a reserved word or an argument name
  that is misspelled or missing, or the punctuation is incorrect.

This suggests - but does not prove - that bttlxeForum might have
constructed all or part of a SQL query with input from the topic
parameter - your hex-encoded input - which would then suggest SQL

Have you been able to confirm if the real underlying problem is, in
fact, SQL injection?