[VIM] Chipmunk XSS is likely resultant from SQL injection

Steven M. Christey coley at mitre.org
Sun Oct 23 01:25:07 EDT 2005

I'm not in the mood at this instant to deal with this entirely, but I
thought I'd mention it:

  XSS & Path Disclosure in  Chipmunk's  products

This is likely another example of primary SQL injection with resultant
XSS from an error message, being labeled only as XSS by the

A download of the Forum product and a quick glance at quote.php shows
that the $forumID variable is used in several SQL queries, e.g.:

> $getforuminfo="SELECT * from b_forums where ID='$forumID'";


>       $posting="INSERT INTO b_posts (author, title, post,timepost, telapsed, threadparent, postforum, lastpost,nosmilies,ipaddress ) values ('$name', '$title', '$post', '$day', '$timegone', '$threadparent', '$forumID','$user','$nosmiley','$s')";

Interestingly, later vectors in the code suggest there might be real

- Steve

More information about the VIM mailing list