[VIM] possible rediscovery - Pay Roll Time Sheet & Punch Card SQL injection

Steven M. Christey coley at linus.mitre.org
Thu Nov 4 11:53:39 CDT 2010


The "Password" parameter to login.asp, as stated in SECUNIA:42096, appears 
to be the same vector as CVE-2007-4106, whose references are:


CVE-2007-4106 uses "CodeWidgets" as the vendor name (more like the web 
site name), and the current discovery uses Comrie Software (which appears 
to be the appropriate vendor name).

These aren't exactly the same, though, since SECUNIA:42096 mentions an 
EmployeeNumber parameter, which is not covered by Aria-Security in 
CVE-2007-4106, and not explicitly stated by L0rd CrusAd3r in 
EXPLOIT-DB:15396.  In addition, the older SECUNIA:26275 does not 
specifically mention POST for the Password parameter, where the newer 
SECUNIA:42096 does.

- Steve

More information about the VIM mailing list