[VIM] Bugtraq Ids 37702 vs 43591
George A. Theall
theall at tenable.com
Thu Sep 30 11:40:51 CDT 2010
The newly-created Bugtraq Id 43591 covers a SQL injection in a product
named MyPhpAuction -- apparently user-input to the 'id' parameter of
the 'product_desc.php' is not sanitized before being used in a
database query. SecurityFocus gives as a PoC:
Notice the "zeeauctions_admin"? Looks like the product is just a
rebranded version of that, no? And indeed, if you go to the product
you'll notice the demo links to http://www.canadianelitehosting.com/Demos/ZeeAuctions/,
which appears to be that based on its banner.
Given this, the BID seems to be a dup of BID 37702, which gives as a
I'm not clear about the attribution, but this seems to correspond to
EDB Id 11047 although it's been truncated (cut-and-paste error?).
Taking this into consideration, these two BIDs seem to be duplicates.
Rob, did you guys at SecurityFocus look into this at all?
theall at tenablesecurity.com