[VIM] probably false: SchoolBoard (admin.php) SQL injection
Steven M. Christey
coley at mitre.org
Fri May 11 15:48:14 UTC 2007
Researcher: iLker Kandemir
Ref: BUGTRAQ SchoolBoard (admin.php) Remote Login Bypass SQL Injection
1. The quoted source code doesn't show anything related to SQL
queries, although they are used.
2. There's no 'username' ANYWHERE in the entire distribution.
3. "pass" and "password" are not used in any queries, at least in
admin.php. They are barely used at all in the entire distribution.
More information about the VIM