[VIM] Flax Article Manager SQL injection explanation

str0ke str0ke at milw0rm.com
Mon Jun 1 18:04:05 UTC 2009


It's bunk, throwing it into null vill.

Steven M. Christey wrote:
> http://www.milw0rm.com/exploits/8800
>
> This is labeled as SQL injection but the cookie is merely being set to
> some URL-encoded value ",21232f297a57a5a743894a0e4a801fc3", then the "2/"
> portion of the exploit implies that you effectively need to know the ID
> and password already.  Anybody know what's going on here?  (BTW the
> product link is at http://www.flaxweb.com/products/articles)
>
> - Steve