[VIM] [Aria-Security Team] iNews News Manager SQL Injection
Steven M. Christey
coley at linus.mitre.org
Tue Nov 28 14:03:44 EST 2006
It also appears that the affected product might be iNews Publisher; the
vendor's demo sites for News Manager don't use an articles.asp (at least
not from the main page), but Publisher does.
On Tue, 28 Nov 2006, security curmudgeon wrote:
> : #Method: SQL Injection
> : #
> : #PoC:
> : #http://target/path/articles.asp?ex=[XSS]
> Is this SQL Injection or Cross-Site Scripting (XSS)?
More information about the VIM