[VIM] The disappearing iPostMX 2005 SQL injection issue
Steven M. Christey
coley at linus.mitre.org
Mon Jun 19 20:37:15 EDT 2006
On Mon, 19 Jun 2006, security curmudgeon wrote:
> On 2006-06-16, I created two entries in OSVDB for iPostMX cross-site
> scripting issues.
> 26522: iPostMX 2005 userlogin.cfm RETURNURL Variable XSS
> 26523: iPostMX 2005 account.cfm RETURNURL Variable XSS
> At the time, the pridels advisory contained no mention of SQL injection
I verified with my analyst that the original version of the advisory
contained the SQL injection.
I attempted to email him but the address bounced. Just sent in a comment
to the page - we'll see if it's approved and answered.
More information about the VIM