[VIM] EV0074 BirthSys 3.1 SQL injection (fwd)

security curmudgeon jericho at attrition.org
Sat Feb 18 20:35:12 EST 2006

Sorry Steven, I thought I had sent this to the list. I have 23186 (covers 
date.php) locked until I see what other databases do. If enough keep 
entries, I will keep it and myth/fake flag it.

---------- Forwarded message ----------
From: Josh Zlatin <jzlatin at ramat.cc>
To: jericho at attrition.org
Date: Wed, 15 Feb 2006 09:32:14 -0500 (EST)
Subject: Re: EV0074 BirthSys 3.1 SQL injection (fwd)

Well I guess you can remove osvdb #23186.

  - Josh

---------- Forwarded message ----------
Date: Wed, 15 Feb 2006 16:30:24 +0300
From: Support - eVuln.com <support at evuln.com>
To: Josh Zlatin <jzlatin at ramat.cc>
Subject: Re: EV0074 BirthSys 3.1 SQL injection

You are right.
SQL Injection exists only in "show.php"
date.php  is not vulnerable.

Aliaksandr Hartsuyeu

> I wanted to clarify the SQL injection in the data.php3 file in BirthSys
> 3.1 that you reported. I was unable to recreate the SQL injection via
> either the 'date' or 'month' variables as both are those are set in the
> date.php3 code itself:
> Quoted from BirthSys data.php3:
> $date = date( "d" );
> $month=("$monthName[$currentMonth]");
> The only SQL query in that script is:
> $result = mysql_query("SELECT * FROM birthsys WHERE month= $month AND
> day= $date");
> so am I missing something or is this a mistake?
> Thanks,
> --
>    - Josh

More information about the VIM mailing list