[VIM] RaceEventManagement <--v0.7.6 SQL injection & XSS (fwd)

security curmudgeon jericho at attrition.org
Thu Jun 1 05:40:44 EDT 2006


This is ISS 26580, but while searching Google for "nennung.php" I found two 
pages of results: the ISS entry, various Bugtraq post references, and a 
couple of sites using a page with that name. One of them is this site, which 
is very suspicious given the subject of the post. I'm thinking this is 
site-specific.

http://www.race-event-management.de/rem/nennung.php?pid=1&id=153

---------- Forwarded message ----------
From: Mster-X at hotmail.com
To: bugtraq at securityfocus.com
Date: 20 May 2006 10:20:40 -0000
Subject: RaceEventManagement <--v0.7.6 SQL injection & XSS

============================
Discovery By: Mr-X
Site: www.alshmokh.com
E-mail: Mster-X at hotmail.com
===========================

Example:
/nennung.php?pid=[SQL]
/nennung.php?pid=[XSS]

