[VIM] CVE-2008-6157 / Milw0rm 7613

lyger lyger at attrition.org
Fri Feb 20 06:28:33 UTC 2009


http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-6157

SepCity Classified Ads stores the admin password in cleartext in 
data/classifieds.mdb, which allows context-dependent attackers to obtain 
sensitive information.

http://milw0rm.com/exploits/7613

I'm not seeing a reference to *.mdb in the milw0rm exploit page, but it's 
the only reference listed in the CVE, which pertains to information 
disclosure and not SQLi.  Can anyone clarify?


More information about the VIM mailing list