[VIM] RaceEventManagement <--v0.7.6 SQL injection & XSS (fwd)

security curmudgeon jericho at attrition.org
Mon Jun 5 00:55:13 EDT 2006


: This is ISS 26580, but while searching google for "nennung.php" found 
: two pages of results. The ISS entry, various bugtraq post references, 
: and a couple sites using a page with that name. One of them is this site 
: which is very suspicious given the subject of the post. I'm thinking 
: this is site specific.
: 
: http://www.race-event-management.de/rem/nennung.php?pid=1&id=153

As Sullo points out to me:

if you search inurl:nennung.php i see a bunch of race sites using it... 
so i think it's a product, someplace...



More information about the VIM mailing list