[VIM] probably false: SchoolBoard (admin.php) SQL injection

Steven M. Christey coley at mitre.org
Fri May 11 15:48:14 UTC 2007

Researcher: iLker Kandemir
Ref: BUGTRAQ SchoolBoard (admin.php) Remote Login Bypass SQL Injection

1. The quoted source code doesn't show anything related to SQL
   queries, although they are used.

2. There's no 'username' ANYWHERE in the entire distribution.

3. "pass" and "password" are not used in any queries, at least in
   admin.php.  They are barely used at all in the entire distribution.

- Steve

More information about the VIM mailing list