[VIM] CVE source verify: The Web Drivers Forum SQL injection
Steven M. Christey
coley at mitre.org
Wed Nov 8 15:08:03 EST 2006
Downloaded the specified file on 20061108. Product does not appear to
have a version. Most files are dated 20060318, including
$ms_sql="select * from tbl_forum where forum_id=". $_GET['id'];
conn.php only connects to the database; $_GET is untouched there.
Also: note spelling of the vendor name, which is called "Webdrivers"
in the milw0rm post. This was verified in the readme.txt in the forum
distribution, plus the vendor's front page.
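
The concatenated query quoted in the message, rewritten with integer validation and a bound parameter. This is an added example, not part of the original post or the product's code. `tbl_forum` and `forum_id` come from the quoted line; the function name `fetch_forum`, the `title` column, the in-memory SQLite database and the sample request values are assumptions constructed for illustration.

```php
<?php
// Added example: hardened counterpart of the quoted query.
// fetch_forum(), the title column and the SQLite setup are hypothetical.

function fetch_forum(PDO $db, $rawId): ?array
{
    // Accept only a positive decimal integer. Strings with trailing SQL,
    // empty values and array-valued parameters (id[]=2) all fail here,
    // before anything reaches the SQL layer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The value is bound as an integer parameter, never concatenated
    // into the statement text.
    $stmt = $db->prepare('SELECT * FROM tbl_forum WHERE forum_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_forum (forum_id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO tbl_forum (forum_id, title) VALUES (1, 'General'), (2, 'Support')");

// Constructed request values standing in for $_GET['id'].
foreach (['2', '2 OR 1=1', '', 'abc', ['2']] as $raw) {
    $row = fetch_forum($db, $raw);
    printf("%-12s => %s\n", json_encode($raw), $row ? $row['title'] : 'rejected');
}
```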