[VIM] [Change Request] 21910: WebDB Search Module search Variable SQL Injection (fwd)
jericho at attrition.org
Tue Mar 7 16:12:02 EST 2006
I'm trying to figure this out as well =)
---------- Forwarded message ----------
From: security curmudgeon <jericho at attrition.org>
To: Lois Software
Cc: moderators at osvdb.org
Date: Tue, 7 Mar 2006 16:05:05 -0500 (EST)
Subject: RE: [OSVDB Mods] [Change Request] 21910: WebDB Search Module search
Variable SQL Injection
: : Does this entail your clients installing an upgrade, or applying a
: : patch?
: No .. All clients use a common code library and have their own front end
: and databases and connections. So as soon as a change / upgrade /
: enhancement is made to the code, all users of the software begin to use
: the latest changes immediately.
Does this code reside on your servers then? Do your customers use your
servers for everything, ie: you provide a managed service for them? Or do
they just pull the shared code from your server, but use it from their own
I'm trying to figure out how to word a solution here, and it doesn't sound
like calling it an upgrade or patch is appropriate.
Thanks for helping to clear this up!
More information about the VIM