[VIM] ajann's XOOPS viewcat.php issues - site-specific or not?

George A. Theall theall at tenablesecurity.com
Tue Apr 3 02:16:48 UTC 2007

On 04/02/07 21:22, Steven M. Christey wrote:

> ajann's been posting a ton of stuff to milw0rm using SQL injection in
> "viewcat.php" with a "cid" or similar parameter, theoretically dealing
> with multiple different modules.  This looks like it might be a
> site-specific issue in http://www.xoops.pr.gov.br, anybody have any
> thoughts?  

I think he's been looking through the various modules for Xoops much 
like Xoron seems to be doing for PHP-Fusion and people did before for 
Mambo / Joomla and phpBB. And while I haven't looked at all of the 
modules, I did look at a couple of the more popular ones (Articles, 
Debaser, and WF-Section) and verified that the flaws do exist. [These 
do, though, involve different parameters and scripts than cid / 

theall at tenablesecurity.com

More information about the VIM mailing list