[VIM] The disappearing iPostMX 2005 SQL injection issue

Steven M. Christey coley at mitre.org
Mon Jun 19 16:55:49 EDT 2006


References:

  XF:ipost-forum-sql-injection(27144)
  http://xforce.iss.net/xforce/xfdb/27144

claimed source:

  http://pridels.blogspot.com/2006/06/ipostmx-2005-vuln.html

Both ISS and one of CVE's analysts reported on an SQL injection
involving the forum parameter in messagepost.cfm and topic parameter
in topics.cfm, with the r0t advisory as a reference, but that detail
is no longer included in that reference as of 20060619.  Maybe this
was a site-specific problem, I don't know.  The pridels site at the
moment seems to be having some linking/presentation issues, so I can't
investigate further.


- Steve


More information about the VIM mailing list