[VIM] EV0074 BirthSys 3.1 SQL injection (fwd)

Steven M. Christey coley at linus.mitre.org
Sat Feb 18 18:37:47 EST 2006


I just ran across this in CVE.  He's changed his page so that it only
mentions show.php, but the text still mentions $date.

I can confirm seeing the same code as the OSVDB mangler, but I saw it in
the .php extension downloads (there is one set of downloads with .php3 and
another with .php).

The exploit countdown is down to 2 days, so maybe we'll get more info then
:)

- Steve


More information about the VIM mailing list