[VIM] EV0074 BirthSys 3.1 SQL injection (fwd)

security curmudgeon jericho at attrition.org
Wed Feb 15 08:48:38 EST 2006

One of our manglers discovered a small error in a recent evuln.com 
disclosure. Apparently 'date.php' is really 'date.php3'. I encouraged him 
to contact evuln.com with this information.

---------- Forwarded message ----------
From: Josh Zlatin
To: support at evuln.com
Date: Wed, 15 Feb 2006 08:50:10 -0500 (EST)
Subject: EV0074 BirthSys 3.1 SQL injection

I wanted to clarify the SQL injection in the data.php3 file in BirthSys
3.1 that you reported. I was unable to recreate the SQL injection via
either the 'date' or 'month' variables as both are those are set in the
date.php3 code itself:

Quoted from BirthSys data.php3:
$date = date( "d" );

The only SQL query in that script is:
$result = mysql_query("SELECT * FROM birthsys WHERE month= $month AND day= 

so am I missing something or is this a mistake?


   - Josh

More information about the VIM mailing list