[VIM] Flax Article Manager SQL injection explanation
str0ke at milw0rm.com
Mon Jun 1 18:04:05 UTC 2009
Its bunk, throwing it into null vill.
Steven M. Christey wrote:
> This is labeled as SQL injection but the cookie is merely being set to
> some URL-encoded value ",21232f297a57a5a743894a0e4a801fc3", then the "2/"
> portion of the exploit implies that you effectively need to know the ID
> and password already. Anybody know what's going on here? (BTW the
> product link is at http://www.flaxweb.com/products/articles)
> - Steve
More information about the VIM