[VIM] Alternate theory on OvBB "SQL" vulnerability (fwd)

Steven M. Christey coley at linus.mitre.org
Wed Nov 30 01:17:07 EST 2005


We'll see what the vendor says...  Maybe one day I'll actually get PHP on
some system and check this stuff out for reals :)


---------- Forwarded message ----------
Date: Wed, 30 Nov 2005 01:16:02 -0500 (EST)
From: Steven M. Christey <coley at mitre.org>
To: jon at ovbb.org
Cc: coley at mitre.org
Subject: Alternate theory on OvBB "SQL" vulnerability


Hello,

I'm a vulnerability researcher for CVE, a standard naming scheme for
vulnerabilities.

I looked at the source code for 0.08a and see how you used
mysql_real_escape_string to sanitize the parameters in question.

However, you don't check that they are numeric.

If someone has PHP verbose errors on, and you provide the parameters
with a non-numeric argument, then would it generate a SQL error that
complains about the bad data type?

This could be what r0t saw that made him think it's SQL injection.
This is a common diagnostic error made by many beginning researchers.

- Steve
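As an added illustration of the numeric check the message says is missing (example code, not OvBB's own, and written in Python rather than PHP): `escape_string` is a constructed stand-in for `mysql_real_escape_string`, and the in-memory `posts` table is constructed sample data. It shows that escaping leaves a non-numeric value untouched, so only an explicit numeric check keeps such input from ever reaching the query.

```python
import re
import sqlite3

def escape_string(value: str) -> str:
    """Constructed stand-in for PHP's mysql_real_escape_string: it escapes
    quote and backslash characters but never asks whether the value is numeric."""
    return value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')

# Allow-list for an unsigned decimal id; this is the check the e-mail points out
# is absent when the parameter is merely escaped.
_NUMERIC = re.compile(r"[0-9]{1,10}")

def parse_numeric_param(raw):
    """Return the int value if raw is a plain decimal integer string, else None."""
    if raw is None or not _NUMERIC.fullmatch(raw):
        return None
    return int(raw)

def lookup_post(conn, raw_id):
    """Validate first, then bind the value as a query parameter (never interpolate).
    Returns ("rejected", None) for bad input, ("ok", row_or_None) otherwise."""
    post_id = parse_numeric_param(raw_id)
    if post_id is None:
        return ("rejected", None)
    row = conn.execute(
        "SELECT id, title FROM posts WHERE id = ?", (post_id,)
    ).fetchone()
    return ("ok", row)

def demo():
    """Constructed sample table; returns, per input, what escaping alone yields
    and what the validate-then-bind path does with it."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?, ?)", [(1, "hello"), (2, "world")])
    results = {}
    for raw in ["2", "abc", "12x", "", "99"]:
        results[raw] = (escape_string(raw), lookup_post(conn, raw))
    return results

if __name__ == "__main__":
    for raw, (escaped, outcome) in demo().items():
        print(f"input={raw!r:8} escaped={escaped!r:8} -> {outcome}")
```

Note that `"abc"` comes back from `escape_string` unchanged: escaping addresses quoting, not data type, which is exactly why a non-numeric argument can still reach the database and trigger an error rather than a quiet rejection.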